X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=roles%2Fgnupg%2Ftasks%2Fmain.yml;h=ef61fede378775b84065dc3f758b60b3ab743449;hb=d03cede672edcf559379ca0b12c80fd7b92cfb18;hp=8adaf697719016f39db9bd1e730a745c6899d813;hpb=397c4fed757d201af627636822981e85e84ea572;p=perso%2FImmae%2FConfig%2FAnsible.git
diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml
index 8adaf69..ef61fed 100644
--- a/roles/gnupg/tasks/main.yml
+++ b/roles/gnupg/tasks/main.yml
@@ -12,8 +12,66 @@
 state: directory
 mode: 0700
 - name: Get gnupg runtime folder name
- shell: 'GNUPGHOME=$XDG_CONFIG_HOME/gnupg gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
+ shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
 register: gnupg_runtime_dir_cmd
+ changed_when: false
+ check_mode: no
+- name: check existing secret key
+ shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
+ changed_when: false
+ ignore_errors: true
+ register: gpgkeys
+ check_mode: no
+- name: ask for gpg password
+ pause:
+ prompt: "Chose gpg password"
+ echo: false
+ register: gpg_password
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: confirm gpg password
+ pause:
+ prompt: "Confirm gpg password"
+ echo: false
+ register: gpg_password_confirm
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: check gpg password
+ assert:
+ that: gpg_password_confirm.user_input == gpg_password.user_input
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: copy default template for gpg key generation
+ template:
+ src: gen-key-script.j2
+ dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ mode: 0600
+ no_log: true
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: generate gpg key
+ command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ register: genkey
+- name: remove template file
+ file:
+ path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ state: absent
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: get keygrip
+ shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
+ register: keygrip
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ notify:
+ - notify add key to immae@immae.eu
+ - send key to immae@immae.eu
+ - notify add key to password store
+- name: add keygrip to sshcontrol
+ lineinfile:
+ line: "{{ keygrip.stdout }}"
+ insertafter: EOF
+ dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
+ create: true
+ state: present
+ when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
+ notify:
+ - restart gpg-agent
 - name: Add systemd overrides
 template:
 src: "systemd/{{ item }}.conf.j2"
@@ -32,3 +90,7 @@
 state: restarted
 name: "{{ item }}.socket"
 loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+- name: clone password store
+ register: clone_password_store
+ shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"
+ changed_when: clone_password_store is defined and "stdout" in clone_password_store and clone_password_store.stdout != ""
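Review bot: The `check existing secret key` task cannot distinguish "no key for this address" from "gpg failed", because `ignore_errors: true` masks any failure and the eight following `when:` clauses only test `gpgkeys.stdout == ""`, so a transient gpg/agent error would mint a brand-new key and append its keygrip to sshcontrol. Replace the blanket ignore with an rc check, e.g. `shell: "gpg --list-secret-keys --with-colons {{ gpg_useremail | quote }}"` plus `failed_when: gpgkeys.rc not in [0, 2]` (gpg exits 2 when no matching secret key exists — confirm against the installed version) and gate the later tasks on `gpgkeys.rc == 2`; this also quotes the email before it reaches the shell and drops the `grep`, whose substring match hits any uid that merely contains the address. The two `pause` tasks register the passphrase in `gpg_password` and `gpg_password_confirm` without `no_log: true`, unlike the template task that consumes it; `echo: false` only hides the typing, so add `no_log: true` to both pause tasks. `get keygrip` prints one `grp` line per key and subkey, so `keygrip.stdout` can be multi-line and `lineinfile` would insert all of them; if gen-key-script.j2 creates subkeys, select the authentication-capable keygrip explicitly. Grouping the repeated `when:` under a single `block:` would make the conditional path read as one unit.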
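Review bot: In `clone password store` the two shell commands are joined with `;`, so if `ANSIBLE_CONFIG` is unset on the host executing the task the `cd` fails and `git submodule update --init password_store` runs from the login directory instead of the repository; `&&` makes the second command depend on the first: `shell: "cd $(dirname $ANSIBLE_CONFIG ) && git submodule update --init password_store"`. The task carries no `delegate_to`, so it runs on the managed host and presumes that host holds the playbook checkout and exports `ANSIBLE_CONFIG` — presumably this role is only applied to localhost, which a comment on the task should state. `changed_when` can be reduced to `clone_password_store.stdout != ""`, since the registered result of a task that ran always carries `stdout`; whether git reports the submodule checkout on stdout rather than stderr should be confirmed, otherwise the task never reports a change.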