+ changed_when: false
+- name: check existing secret key
+ shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
+ changed_when: false
+ ignore_errors: true
+ register: gpgkeys
+- name: ask for gpg password
+ pause:
+ prompt: "Chose gpg password"
+ echo: false
+ register: gpg_password
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: confirm gpg password
+ pause:
+ prompt: "Confirm gpg password"
+ echo: false
+ register: gpg_password_confirm
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: check gpg password
+ assert:
+ that: gpg_password_confirm.user_input == gpg_password.user_input
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: copy default template for gpg key generation
+ template:
+ src: gen-key-script.j2
+ dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ mode: 0600
+ no_log: true
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: generate gpg key
+ command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ register: genkey
+- name: remove template file
+ file:
+ path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ state: absent
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: get keygrip
+ shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
+ register: keygrip
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ notify:
+ - notify add key to immae@immae.eu
+ - send key to immae@immae.eu
+ - notify add key to password store
+- name: add keygrip to sshcontrol
+ lineinfile:
+ line: "{{ keygrip.stdout }}"
+ insertafter: EOF
+ dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
+ create: true
+ state: present
+ when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
+ notify:
+ - restart gpg-agent