shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
register: gnupg_runtime_dir_cmd
changed_when: false
+ check_mode: no
- name: check existing secret key
shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
changed_when: false
ignore_errors: true
register: gpgkeys
-- name: ask for gpg password
- pause:
- prompt: "Chose gpg password"
- echo: false
- register: gpg_password
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: confirm gpg password
- pause:
- prompt: "Confirm gpg password"
- echo: false
- register: gpg_password_confirm
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: check gpg password
- assert:
- that: gpg_password_confirm.user_input == gpg_password.user_input
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: copy default template for gpg key generation
- template:
- src: gen-key-script.j2
- dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
- mode: 0600
- no_log: true
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: generate gpg key
- command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
- register: genkey
-- name: remove template file
- file:
- path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
- state: absent
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ check_mode: no
+- name: Ask for gpg password
+ when: gpgkeys.stdout == ""
+ block:
+ - name: Ask for gpg password
+ pause:
+ prompt: "Chose gpg password"
+ echo: false
+ register: gpg_password
+ - name: Confirm gpg password
+ pause:
+ prompt: "Confirm gpg password"
+ echo: false
+ register: gpg_password_confirm
+ - name: check gpg password
+ assert:
+ that: gpg_password_confirm.user_input == gpg_password.user_input
+- name: Generate gpg key
+ when: gpgkeys.stdout == ""
+ block:
+ - name: Copy default template for gpg key generation
+ template:
+ src: gen-key-script.j2
+ dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ mode: 0600
+ no_log: true
+ - name: Generate gpg key
+ command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ register: genkey
+ always:
+ - name: Remove template file
+ file:
+ path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ state: absent
- name: get keygrip
shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
register: keygrip
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ when: gpgkeys.stdout == ""
notify:
- notify add key to immae@immae.eu
- send key to immae@immae.eu
when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
notify:
- restart gpg-agent
-- name: Add systemd overrides
- template:
- src: "systemd/{{ item }}.conf.j2"
- dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
- register: results
- loop:
- - dirmngr
- - gpg-agent
- - gpg-agent-browser
- - gpg-agent-extra
- - gpg-agent-ssh
-- name: Restart systemd units
- systemd:
- daemon_reload: true
- scope: user
- state: restarted
- name: "{{ item }}.socket"
- loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+- name: Override the gpg socket directory
+ block:
+ - name: Add systemd overrides
+ template:
+ src: "systemd/{{ item }}.conf.j2"
+ dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
+ register: results
+ loop:
+ - dirmngr
+ - gpg-agent
+ - gpg-agent-browser
+ - gpg-agent-extra
+ - gpg-agent-ssh
+ - name: Restart systemd units
+ systemd:
+ daemon_reload: true
+ scope: user
+ state: restarted
+ name: "{{ item }}.socket"
+ loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
- name: clone password store
register: clone_password_store
shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"
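Review bot: The two `pause` tasks in the `Ask for gpg password` block register the typed passphrase as `gpg_password.user_input` / `gpg_password_confirm.user_input` without `no_log: true`; `echo: false` only hides the keystrokes, while the registered result (which carries `user_input`) is what `-v` runs and callback/log plugins print, so add `no_log: true` to both pause tasks. The new `when: gpgkeys.stdout == ""` guard on both blocks and on `get keygrip` treats any failure of the `gpg --list-secret-keys | grep` pipeline (gpg not runnable, agent error) the same as "no key for this address", because a failing gpg still leaves grep with empty output and `ignore_errors: true` silences the failure; a safer form runs that shell task under bash with `set -o pipefail`, replaces `ignore_errors` with `failed_when: gpgkeys.rc > 1`, and guards on `gpgkeys.rc == 1`. As rendered, the `get keygrip` task also appears to carry a second `when:`/`notify:` pair after the added line; if that is the real layout rather than lost indentation, Ansible's last-key-wins handling of duplicate keys would replace the new condition with one that references `keygrip` before it is registered. Style: `check_mode: no` (twice) and `mode: 0600` read cleaner as `check_mode: false` and `mode: "0600"`.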