X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=roles%2Fgnupg%2Ftasks%2Fmain.yml;h=117ebf208b5f8366c38589f1500cdf11b914c492;hb=587b6dd6d2d3a63ad28455003c0c2c5f58afdecb;hp=d1289f5ce9b4bf554fca3bef113c80329b8dedb8;hpb=b6984948ccd39e4aba15f02822703edebecb6bb7;p=perso%2FImmae%2FConfig%2FAnsible.git diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml index d1289f5..117ebf2 100644 --- a/roles/gnupg/tasks/main.yml +++ b/roles/gnupg/tasks/main.yml 
@@ -1,65 +1,75 @@ --- -- name: Config files - synchronize: - recursive: yes - archive: no - checksum: yes - src: gnupg - dest: /$XDG_CONFIG_HOME/ -- name: Protect directory +- name: Config dirs file: - path: $XDG_CONFIG_HOME/gnupg state: directory + path: "$XDG_CONFIG_HOME/{{ gnupg_config_item }}" mode: 0700 + loop: + - gnupg + loop_control: + loop_var: gnupg_config_item +- name: Config files + copy: + src: "gnupg/{{ gnupg_config_item }}" + dest: "$XDG_CONFIG_HOME/gnupg/{{ gnupg_config_item }}" + loop: + - gpg-agent.conf + - gpg.conf + loop_control: + loop_var: gnupg_config_item - name: Get gnupg runtime folder name shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"' register: gnupg_runtime_dir_cmd changed_when: false + check_mode: no - name: check existing secret key shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'" changed_when: false ignore_errors: true register: gpgkeys -- name: ask for gpg password - pause: - prompt: "Chose gpg password" - echo: false - register: gpg_password - when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == "" -- name: confirm gpg password - pause: - prompt: "Confirm gpg password" - echo: false - register: gpg_password_confirm - when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == "" -- name: check gpg password - assert: - that: gpg_password_confirm.user_input == gpg_password.user_input - when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == "" -- name: copy default template for gpg key generation - template: - src: gen-key-script.j2 - dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" - mode: 0600 - no_log: true - when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == "" -- name: generate gpg key - command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" - when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == "" - register: genkey -- name: remove template file - file: - path: 
"$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" - state: absent - when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == "" + check_mode: no +- name: Ask for gpg password + when: gpgkeys.stdout == "" + block: + - name: Ask for gpg password + pause: + prompt: "Chose gpg password" + echo: false + register: gpg_password + - name: Confirm gpg password + pause: + prompt: "Confirm gpg password" + echo: false + register: gpg_password_confirm + - name: check gpg password + assert: + that: gpg_password_confirm.user_input == gpg_password.user_input +- name: Generate gpg key + when: gpgkeys.stdout == "" + block: + - name: Copy default template for gpg key generation + template: + src: gen-key-script.j2 + dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" + mode: 0600 + no_log: true + - name: Generate gpg key + command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" + register: genkey + always: + - name: Remove template file + file: + path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" + state: absent - name: get keygrip shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10" register: keygrip - when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == "" + when: gpgkeys.stdout == "" notify: - notify add key to immae@immae.eu - send key to immae@immae.eu - notify add key to password store +- meta: flush_handlers - name: add keygrip to sshcontrol lineinfile: line: "{{ keygrip.stdout }}" 
@@ -70,25 +80,28 @@ when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != "" notify: - restart gpg-agent -- name: Add systemd overrides - template: - src: "systemd/{{ item }}.conf.j2" - dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf" - register: results - loop: - - dirmngr - - gpg-agent - - gpg-agent-browser - - gpg-agent-extra - - gpg-agent-ssh -- name: Restart systemd units - systemd: - daemon_reload: true - scope: user - state: restarted - name: "{{ item }}.socket" - loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}" -- name: clone password store - register: clone_password_store - shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store" - changed_when: clone_password_store is defined and "stdout" in clone_password_store and clone_password_store.stdout != "" +- meta: flush_handlers +- name: Override the gpg socket directory + block: + - name: Add systemd overrides + template: + src: "systemd/{{ systemd_item }}.conf.j2" + dest: "$XDG_CONFIG_HOME/systemd/user/{{ systemd_item }}.socket.d/override.conf" + register: results + loop: + - dirmngr + - gpg-agent + - gpg-agent-browser + - gpg-agent-extra + - gpg-agent-ssh + loop_control: + loop_var: systemd_item + - name: Restart systemd units + systemd: + daemon_reload: true + scope: user + state: restarted + name: "{{ restart_systemd_item }}.socket" + loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}" + loop_control: + loop_var: restart_systemd_item
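Review bot: `Restart systemd units` still selects on `map(attribute='item')`, but the task it reads `results` from now runs with `loop_control: loop_var: systemd_item`, and Ansible records each registered loop result under the loop_var name rather than `item`, so the expression no longer resolves and no socket unit gets restarted (or the task fails on the undefined attribute, depending on Jinja's undefined handling). Change the loop to `loop: "{{ results.results|selectattr('changed')|map(attribute='systemd_item')|list }}"`. The enclosing `Override the gpg socket directory` block is complete within the hunk.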