---
# Push the gnupg configuration tree into $XDG_CONFIG_HOME on the target.
# NOTE(review): the destination is expanded on the remote side; if
# XDG_CONFIG_HOME is unset there, "/$XDG_CONFIG_HOME/" collapses to "/" —
# confirm the play guarantees the variable (e.g. via `environment:`) first.
# archive is off, so rsync carries neither ownership nor permissions along;
# only the directory itself is locked down, by the task that follows.
- name: Config files
  synchronize:
    src: gnupg
    dest: /$XDG_CONFIG_HOME/
    recursive: true
    archive: false
    checksum: true
# Owner-only access on the gpg home directory: the key-generation script
# (which carries the passphrase) and sshcontrol are written under it later.
# NOTE(review): this is not recursive; files synced above keep whatever
# mode rsync gave them, since archive/perms are off in the synchronize task.
- name: Protect directory
  file:
    state: directory
    path: $XDG_CONFIG_HOME/gnupg
    mode: "0700"
# Read-only probe for the socket directory gpg uses below
# $XDG_RUNTIME_DIR/gnupg/ (the sed strips that prefix, leaving only the
# folder name). Runs in check mode too and is never reported as a change.
# The registered value is presumably consumed by the systemd socket
# override templates further down — those templates are not visible here.
- name: Get gnupg runtime folder name
  shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
  changed_when: false
  check_mode: false
  register: gnupg_runtime_dir_cmd
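# Look for an existing secret key matching the configured uid/email.
# The grep is a fixed-string match on a shell-quoted value, so a uid
# containing quotes or regex metacharacters can neither break out of the
# command line nor match unrelated keys. Only grep's "no match" (rc 1) is
# tolerated; any other failure (gpg itself unusable, rc 2) aborts the play
# instead of silently looking like "no key" and triggering a fresh key
# generation below — which is what the previous ignore_errors allowed.
# An empty stdout is what every following task keys its `when` on.
- name: check existing secret key
  shell: "gpg --list-secret-keys | grep -F -- {{ gpg_useremail | quote }}"
  register: gpgkeys
  changed_when: false
  failed_when: gpgkeys.rc not in [0, 1]
  check_mode: false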
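# Only when no key was found: prompt twice with hidden input and require
# the two entries to agree before anything is generated. The registered
# results hold the plaintext passphrase, so they are kept out of task
# output, verbose runs and callback logs with no_log — echo: false only
# hides the keystrokes, it does not mask the registered result.
# NOTE(review): the pause prompt is written to the terminal by the action
# plugin itself; confirm on the Ansible version in use that it is still
# shown with no_log set, otherwise the run would wait on an invisible prompt.
- name: ask for gpg password
  pause:
    prompt: "Chose gpg password"
    echo: false
  register: gpg_password
  no_log: true
  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
- name: confirm gpg password
  pause:
    prompt: "Confirm gpg password"
    echo: false
  register: gpg_password_confirm
  no_log: true
  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
# On mismatch assert reports only the expression text, not the two values.
- name: check gpg password
  assert:
    that: gpg_password_confirm.user_input == gpg_password.user_input
  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""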
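# Generate the key from a batch script rendered from gen-key-script.j2.
# The rendered script carries the passphrase, so it is written owner-only,
# its content is never logged, and it is deleted in an always: section so
# that a failing gpg run cannot leave it behind on disk (as three
# independent tasks, a gpg error aborted the play before the removal ran).
# The block-level `when` applies to the always: task as well, so nothing
# runs when a key already exists.
# NOTE(review): `state: absent` unlinks but does not overwrite; on
# unencrypted storage consider wiping the script before removal.
- name: generate gpg key from batch script
  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
  block:
    - name: copy default template for gpg key generation
      template:
        src: gen-key-script.j2
        dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
        mode: "0600"
      no_log: true
    # NOTE(review): no shell here, so $XDG_CONFIG_HOME relies on the
    # command module's own variable expansion and on the variable being
    # present in the remote environment — confirm for the target hosts.
    - name: generate gpg key
      command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
      register: genkey
  always:
    - name: remove template file
      file:
        path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
        state: absent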
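# Collect the keygrip(s) of the freshly generated key. The uid is
# shell-quoted so it reaches gpg as one literal argument instead of being
# re-parsed by the shell (the previous unquoted interpolation was a
# command-injection path for a crafted gpg_useremail).
# No changed_when on purpose: the task reports "changed" on the run that
# generates the key, and that is what fires the distribution handlers.
# NOTE(review): every "grp" record is returned, primary key and subkeys
# alike, one keygrip per line; confirm the batch template yields the key
# layout the sshcontrol step expects.
- name: get keygrip
  shell: "gpg -K --with-colons {{ gpg_useremail | quote }} | grep '^grp' | cut -d':' -f10"
  register: keygrip
  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
  notify:
    - notify add key to immae@immae.eu
    - send key to immae@immae.eu
    - notify add key to password store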
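# Register each keygrip with gpg-agent's ssh support, one sshcontrol line
# per keygrip (gpg may list several "grp" records). Looping over
# stdout_lines makes every line its own idempotent lineinfile entry; the
# previous single multi-line `line` could never be matched again on a
# later run. The loop expression is evaluated before `when`, hence the
# default([]) for runs where the keygrip task was skipped.
- name: add keygrip to sshcontrol
  lineinfile:
    path: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
    line: "{{ item }}"
    insertafter: EOF
    create: true
    state: present
  loop: "{{ keygrip.stdout_lines | default([]) }}"
  when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
  notify:
    - restart gpg-agent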
# Render an override.conf into each gnupg socket unit's drop-in directory.
# The templates are not visible here; presumably they use the runtime
# folder name registered in gnupg_runtime_dir_cmd above.
# NOTE(review): template does not create the ".socket.d" parent
# directories — they must already exist. No mode is given, so the
# rendered files receive the remote umask.
- name: Add systemd overrides
  template:
    src: "systemd/{{ item }}.conf.j2"
    dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
  loop:
    - dirmngr
    - gpg-agent
    - gpg-agent-browser
    - gpg-agent-extra
    - gpg-agent-ssh
  register: results
# Reload the user manager and restart only those sockets whose override
# actually changed in the previous task (filtered from its per-item results).
- name: Restart systemd units
  systemd:
    name: "{{ item }}.socket"
    state: restarted
    scope: user
    daemon_reload: true
  loop: "{{ results.results | selectattr('changed') | map(attribute='item') | list }}"
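# Check out the password_store submodule next to the ansible.cfg this run
# was started from. A submodule update checks out the commit pinned in the
# superproject, so no floating ref is fetched.
# The previous "cd $(dirname $ANSIBLE_CONFIG ); git ..." ran git in
# whatever the current directory happened to be when the variable was
# unset or the cd failed; "${ANSIBLE_CONFIG:?}" plus quoting and && make
# that a hard failure instead of a checkout into the wrong repository.
# NOTE(review): $ANSIBLE_CONFIG only exists where ansible was invoked, so
# this task presumably runs with a local connection — verify.
- name: clone password store
  shell: 'cd "$(dirname "${ANSIBLE_CONFIG:?ANSIBLE_CONFIG is not set}")" && git submodule update --init password_store'
  register: clone_password_store
  changed_when: clone_password_store.stdout != ""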