---
- name: Config files
- synchronize:
- recursive: yes
- archive: no
- checksum: yes
- src: gnupg
- dest: /$XDG_CONFIG_HOME/
+ copy:
+ src: "gnupg/{{ gnupg_config_item }}"
+ dest: "$XDG_CONFIG_HOME/gnupg/{{ gnupg_config_item }}"
+ loop:
+ - gpg-agent.conf
+ - gpg.conf
+ loop_control:
+ loop_var: gnupg_config_item
- name: Protect directory
file:
path: $XDG_CONFIG_HOME/gnupg
state: directory
mode: 0700
- name: Get gnupg runtime folder name
- shell: 'GNUPGHOME=$XDG_CONFIG_HOME/gnupg gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
+ shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
register: gnupg_runtime_dir_cmd
-- name: Add systemd overrides
- template:
- src: "systemd/{{ item }}.conf.j2"
- dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
- register: results
- loop:
- - dirmngr
- - gpg-agent
- - gpg-agent-browser
- - gpg-agent-extra
- - gpg-agent-ssh
-- name: Restart systemd units
- systemd:
- daemon_reload: true
- scope: user
- state: restarted
- name: "{{ item }}.socket"
- loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+ changed_when: false
+ check_mode: no
+- name: check existing secret key
+ shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
+ changed_when: false
+ ignore_errors: true
+ register: gpgkeys
+ check_mode: no
+- name: Ask for gpg password
+ when: gpgkeys.stdout == ""
+ block:
+ - name: Ask for gpg password
+ pause:
+ prompt: "Chose gpg password"
+ echo: false
+ register: gpg_password
+ - name: Confirm gpg password
+ pause:
+ prompt: "Confirm gpg password"
+ echo: false
+ register: gpg_password_confirm
+ - name: check gpg password
+ assert:
+ that: gpg_password_confirm.user_input == gpg_password.user_input
+- name: Generate gpg key
+ when: gpgkeys.stdout == ""
+ block:
+ - name: Copy default template for gpg key generation
+ template:
+ src: gen-key-script.j2
+ dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ mode: 0600
+ no_log: true
+ - name: Generate gpg key
+ command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ register: genkey
+ always:
+ - name: Remove template file
+ file:
+ path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ state: absent
+- name: get keygrip
+ shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
+ register: keygrip
+ when: gpgkeys.stdout == ""
+ notify:
+ - notify add key to immae@immae.eu
+ - send key to immae@immae.eu
+ - notify add key to password store
+- meta: flush_handlers
+- name: add keygrip to sshcontrol
+ lineinfile:
+ line: "{{ keygrip.stdout }}"
+ insertafter: EOF
+ dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
+ create: true
+ state: present
+ when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
+ notify:
+ - restart gpg-agent
+- meta: flush_handlers
+- name: Override the gpg socket directory
+ block:
+ - name: Add systemd overrides
+ template:
+ src: "systemd/{{ systemd_item }}.conf.j2"
+ dest: "$XDG_CONFIG_HOME/systemd/user/{{ systemd_item }}.socket.d/override.conf"
+ register: results
+ loop:
+ - dirmngr
+ - gpg-agent
+ - gpg-agent-browser
+ - gpg-agent-extra
+ - gpg-agent-ssh
+ loop_control:
+ loop_var: systemd_item
+ - name: Restart systemd units
+ systemd:
+ daemon_reload: true
+ scope: user
+ state: restarted
+ name: "{{ restart_systemd_item }}.socket"
+ loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+ loop_control:
+ loop_var: restart_systemd_item
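Review bot: The `shell` tasks "check existing secret key" and "get keygrip" interpolate `gpg_useremail` into the command string with no shell quoting, so a value containing a space, a quote or `;`/`|` either breaks the pipeline or is executed as extra shell syntax; Ansible's `quote` filter keeps it a single argument, e.g. `shell: "gpg --list-secret-keys | grep {{ gpg_useremail | quote }}"` and `gpg -K --with-colons {{ gpg_useremail | quote }} | grep '^grp' | cut -d':' -f10`. In "get keygrip", `grep '^grp'` returns one line per key including subkeys, so `keygrip.stdout` may carry several keygrips into the single `line:` of "add keygrip to sshcontrol" — presumably only one is wanted there, worth confirming. The two `pause` tasks under "Ask for gpg password" register the passphrase but have no `no_log: true`, so with verbose output the registered `user_input` is printed; the template task under "Generate gpg key" already sets `no_log: true`, the pause tasks should too. Minor style: `ignore_errors: true` on "check existing secret key" still reports the expected grep miss as a failure where `failed_when: false` states the intent, and `check_mode: no` next to `changed_when: false` should be `check_mode: false` for one boolean form in the file.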