fix(bootstrap): use explicit keyring for debootstrap and copy resolv.conf

roles/bootstrap/tasks/ubuntu.yml

@@ -39,17 +39,20 @@
 
     - name: Install Ubuntu base system
       ansible.builtin.command: >-
-        debootstrap --include={{ bootstrap_ubuntu_base_csv }}
+        debootstrap
+        --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+        --include={{ bootstrap_ubuntu_base_csv }}
         {{ bootstrap_ubuntu_release }} /mnt
         http://archive.ubuntu.com/ubuntu/
       register: bootstrap_ubuntu_base_result
       changed_when: bootstrap_ubuntu_base_result.rc == 0
 
     - name: Ensure chroot has resolv.conf
-      ansible.builtin.file:
-        src: /run/NetworkManager/resolv.conf
+      ansible.builtin.copy:
+        src: /etc/resolv.conf
         dest: /mnt/etc/resolv.conf
-        state: link
+        remote_src: true
+        mode: "0644"
 
     - name: Enable universe repository
       ansible.builtin.command: "{{ chroot_command }} sed -i '1s|$| universe|' /etc/apt/sources.list"