X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=roles%2Fgnupg%2Ftasks%2Fmain.yml;h=84957cf549ff6c1ec593548b2333481bfcd838f9;hb=39749dd76fb02744f26c68054a9955cbe3e26849;hp=a2b9aa6bd13553e5b3e9beaf40d2792bb2f6505d;hpb=cf86d448f96ede049c04d8165931f92a82f35956;p=perso%2FImmae%2FConfig%2FAnsible.git diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml index a2b9aa6..84957cf 100644 --- a/roles/gnupg/tasks/main.yml +++ b/roles/gnupg/tasks/main.yml @@ -1,29 +1,35 @@ --- -- name: Config files - synchronize: - recursive: yes - archive: no - checksum: yes - src: gnupg - dest: /$XDG_CONFIG_HOME/ -- name: Protect directory +- name: Config dirs file: - path: $XDG_CONFIG_HOME/gnupg state: directory + path: "$XDG_CONFIG_HOME/{{ item }}" mode: 0700 + loop: + - gnupg +- name: Config files + copy: + src: "gnupg/{{ item }}" + dest: "$XDG_CONFIG_HOME/gnupg/{{ item }}" + loop: + - gpg-agent.conf +- name: gpg config file + template: + src: "gpg.conf.j2" + dest: "$XDG_CONFIG_HOME/gnupg/gpg.conf" - name: Get gnupg runtime folder name shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"' register: gnupg_runtime_dir_cmd changed_when: false check_mode: no - name: check existing secret key + tags: ["no_bootstrap"] shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'" changed_when: false ignore_errors: true register: gpgkeys check_mode: no - name: Ask for gpg password - when: gpgkeys.stdout == "" + when: gpgkeys is defined and gpgkeys.stdout == "" block: - name: Ask for gpg password pause: @@ -39,7 +45,7 @@ assert: that: gpg_password_confirm.user_input == gpg_password.user_input - name: Generate gpg key - when: gpgkeys.stdout == "" + when: gpgkeys is defined and gpgkeys.stdout == "" block: - name: Copy default template for gpg key generation template: 
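Review bot: The new `copy` task for gpg-agent.conf and the new `template` task for gpg.conf set no `mode`, so on first creation the files get whatever the remote umask yields, while the directory they land in is deliberately created 0700 one task earlier; I would add `mode: "0600"` to both so the permission intent is explicit and stable across runs. On the same task, the surviving context line `mode: 0700` is an unquoted leading-zero literal that Ansible documents as acceptable but that generic YAML 1.1 and 1.2 loaders type differently, and the quoted `mode: "0700"` is the safe spelling. All three new `$XDG_CONFIG_HOME/...` paths rely on the module expanding the variable on the target, which I believe `path`-typed arguments do; if it is unset there the literal text stays in the path, so a comment such as `# $XDG_CONFIG_HOME is expanded by the module on the target host` would make the dependency visible.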
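Review bot: The guard `gpgkeys is defined and gpgkeys.stdout == ""` is now spelled out three times (here on `Generate gpg key`, on `Ask for gpg password` in the first hunk, and on `get keygrip` in the third), so a later change to how the check task reports "no key" has to be repeated in every copy. A single fact set right after the `check existing secret key` task, for example `gnupg_key_missing: "{{ gpgkeys is defined and gpgkeys.stdout == '' }}"`, with `when: gnupg_key_missing` on the three tasks would keep them in sync. This is a style point only; the behaviour of the three conditions is unchanged.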
@@ -58,11 +64,12 @@ - name: get keygrip shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10" register: keygrip - when: gpgkeys.stdout == "" + when: gpgkeys is defined and gpgkeys.stdout == "" notify: - notify add key to immae@immae.eu - send key to immae@immae.eu - notify add key to password store +- meta: flush_handlers - name: add keygrip to sshcontrol lineinfile: line: "{{ keygrip.stdout }}" @@ -73,8 +80,19 @@ when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != "" notify: - restart gpg-agent +- meta: flush_handlers - name: Override the gpg socket directory block: + - name: Add systemd overrides directory + file: + path: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d" + state: directory + loop: + - dirmngr + - gpg-agent + - gpg-agent-browser + - gpg-agent-extra + - gpg-agent-ssh - name: Add systemd overrides template: src: "systemd/{{ item }}.conf.j2" @@ -93,7 +111,3 @@ state: restarted name: "{{ item }}.socket" loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}" -- name: clone password store - register: clone_password_store - shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store" - changed_when: clone_password_store is defined and "stdout" in clone_password_store and clone_password_store.stdout != ""
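Review bot: The `meta: flush_handlers` added after `get keygrip` runs every handler notified so far in the play, not only the three listed on that task, so it is worth a comment stating the intent, e.g. `# publish the new key before it is added to sshcontrol; this flushes all pending handlers`. The `get keygrip` task just above it is a read-only `shell` without `changed_when`, so its three notifications fire whenever the task executes; the `when` the commit adds is what restricts that to the fresh-key path, and a one-line comment saying so would stop a future reader from adding `changed_when: false` and silently disabling the key upload. The `notify` list and the following `lineinfile` task continue outside this hunk.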
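Review bot: The five socket unit names in the new `Add systemd overrides directory` loop appear to be the same list the `Add systemd overrides` template task directly below iterates (its `loop` lies outside this hunk, so I cannot confirm); hard-coding the list twice invites the two tasks drifting apart, so I would declare it once in the role defaults, e.g. `gnupg_socket_units: [dirmngr, gpg-agent, gpg-agent-browser, gpg-agent-extra, gpg-agent-ssh]`, and use `loop: "{{ gnupg_socket_units }}"` in both tasks. The added `meta: flush_handlers` before the block restarts gpg-agent before the socket overrides are written and the sockets restarted at the end of the block; if that ordering is deliberate a short comment would help, since a reader may otherwise move the flush after the block. The directory task sets no `mode`, which seems fine for `$XDG_CONFIG_HOME/systemd/user`, but a comment would distinguish it from the gnupg directory earlier in the file that is explicitly 0700.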