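---
# GnuPG user setup: config directory and files, one-time key generation when
# no secret key for gpg_useremail exists yet, registration of the new key's
# keygrip with gpg-agent's ssh support, and systemd socket-unit overrides.
# Expects gpg_user and gpg_useremail to be defined by the caller, and the
# handlers named under `notify:` to exist in the same role/play.
# NOTE(review): every path below relies on $XDG_CONFIG_HOME being exported in
# the remote user's environment — confirm that the connection/login shell sets
# it, otherwise the variable is not expanded into a real directory.
- name: Config dirs
  file:
    state: directory
    path: "$XDG_CONFIG_HOME/{{ item }}"
    # quoted so YAML never reinterprets the leading-zero octal literal
    mode: "0700"
  loop:
    - gnupg
- name: Config files
  copy:
    src: "gnupg/{{ item }}"
    dest: "$XDG_CONFIG_HOME/gnupg/{{ item }}"
  loop:
    - gpg-agent.conf
- name: gpg config file
  template:
    src: "gpg.conf.j2"
    dest: "$XDG_CONFIG_HOME/gnupg/gpg.conf"
# Read-only probe of the agent socket location; registered for the templates.
- name: Get gnupg runtime folder name
  shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
  register: gnupg_runtime_dir_cmd
  changed_when: false
  check_mode: no
- name: check existing secret key
  tags: ["no_bootstrap"]
  # `quote` keeps a value containing shell metacharacters from being parsed
  # by the shell; -F matches the address literally instead of as a regex
  # (a "." in the address would otherwise match any character).
  shell: "gpg --list-secret-keys | grep -F {{ gpg_useremail | quote }}"
  changed_when: false
  # grep exits 1 when no key is listed yet; that is the expected bootstrap
  # path, not an error, so the task is never marked failed. Empty stdout is
  # what the blocks below key on.
  failed_when: false
  register: gpgkeys
  check_mode: no
- name: Ask for gpg password
  when: gpgkeys is defined and gpgkeys.stdout == ""
  block:
    - name: Ask for gpg password
      pause:
        prompt: "Choose gpg password"
        echo: false
      register: gpg_password
    - name: Confirm gpg password
      pause:
        prompt: "Confirm gpg password"
        echo: false
      register: gpg_password_confirm
    - name: check gpg password
      assert:
        that: gpg_password_confirm.user_input == gpg_password.user_input
- name: Generate gpg key
  when: gpgkeys is defined and gpgkeys.stdout == ""
  block:
    # The rendered script is fed to gpg --batch; it is written 0600, hidden
    # from logs, and removed in `always` below whether or not generation succeeds.
    - name: Copy default template for gpg key generation
      template:
        src: gen-key-script.j2
        dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
        mode: "0600"
      no_log: true
    - name: Generate gpg key
      command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
      register: genkey
  always:
    - name: Remove template file
      file:
        path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
        state: absent
# Only runs right after generation (same condition as above), so a pre-existing
# key's keygrip is never appended to sshcontrol by this play.
- name: get keygrip
  shell: "gpg -K --with-colons {{ gpg_useremail | quote }} | grep '^grp' | cut -d':' -f10"
  register: keygrip
  when: gpgkeys is defined and gpgkeys.stdout == ""
  notify:
    - notify add key to immae@immae.eu
    - send key to immae@immae.eu
    - notify add key to password store
- meta: flush_handlers
- name: add keygrip to sshcontrol
  lineinfile:
    line: "{{ keygrip.stdout }}"
    insertafter: EOF
    dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
    create: true
    state: present
  # `"stdout" in keygrip` guards the skipped case, where the registered
  # result carries no stdout at all.
  when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
  notify:
    - restart gpg-agent
- meta: flush_handlers
- name: Override the gpg socket directory
  block:
    - name: Add systemd overrides directory
      file:
        path: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d"
        state: directory
      loop:
        - dirmngr
        - gpg-agent
        - gpg-agent-browser
        - gpg-agent-extra
        - gpg-agent-ssh
    - name: Add systemd overrides
      template:
        src: "systemd/{{ item }}.conf.j2"
        dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
      register: results
      loop:
        - dirmngr
        - gpg-agent
        - gpg-agent-browser
        - gpg-agent-extra
        - gpg-agent-ssh
    # Restart only the sockets whose override actually changed.
    - name: Restart systemd units
      systemd:
        daemon_reload: true
        scope: user
        state: restarted
        name: "{{ item }}.socket"
      loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"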