--- /dev/null
+---
+- name: restart gpg-agent
+ systemd:
+ state: restarted
+ name: gpg-agent.service
+ scope: user
+- name: notify add key to immae@immae.eu
+ pause:
+ prompt: "gpg key will be sent to immae.eu, please login to tmux and give passwords there."
+ seconds: 3
+- name: send key to immae@immae.eu
+ shell: "gpg --armor --export ismael@flony | ssh immae@immae.eu add_workstation_key | gpg --import -"
+- name: notify add key to password store
+ pause:
+ prompt: "Please add the key to the password store and push: pass init -p Folder/Folder <key> <key>. Press key when done"
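Review bot: The export at L13 hard-codes the identity `ismael@flony` while the tasks in this change key on `{{ gpg_useremail }}`, so on any other user or host the handler exports nothing or the wrong key, and the `… | ssh … | gpg --import -` pipeline only reports the status of the final import. Use the same variable, quoted for the shell, and fail on any stage: `shell: "set -o pipefail; gpg --armor --export {{ gpg_useremail | quote }} | ssh immae@immae.eu add_workstation_key | gpg --import -"` with `args: executable: /bin/bash`. This handler file is shown without its `+++` header, so its path is inferred from the content.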
state: directory
mode: 0700
- name: Get gnupg runtime folder name
- shell: 'GNUPGHOME=$XDG_CONFIG_HOME/gnupg gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
+ shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
register: gnupg_runtime_dir_cmd
+ changed_when: false
+- name: check existing secret key
+ shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
+ changed_when: false
+ ignore_errors: true
+ register: gpgkeys
+- name: ask for gpg password
+ pause:
+ prompt: "Chose gpg password"
+ echo: false
+ register: gpg_password
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: confirm gpg password
+ pause:
+ prompt: "Confirm gpg password"
+ echo: false
+ register: gpg_password_confirm
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: check gpg password
+ assert:
+ that: gpg_password_confirm.user_input == gpg_password.user_input
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: copy default template for gpg key generation
+ template:
+ src: gen-key-script.j2
+ dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ mode: 0600
+ no_log: true
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: generate gpg key
+ command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ register: genkey
+- name: remove template file
+ file:
+ path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ state: absent
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: get keygrip
+ shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
+ register: keygrip
+ when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ notify:
+ - notify add key to immae@immae.eu
+ - send key to immae@immae.eu
+ - notify add key to password store
+- name: add keygrip to sshcontrol
+ lineinfile:
+ line: "{{ keygrip.stdout }}"
+ insertafter: EOF
+ dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
+ create: true
+ state: present
+ when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
+ notify:
+ - restart gpg-agent
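Review bot: The new tasks at L48, L53, L58 and L73 address the gnupg directory as `$XDG_CONFIG_HOME/gnupg/...`, which relies on that variable being present in the environment the modules run in; if it is unset there, the expansion collapses to `/gnupg/...` and the generation script holding the passphrase is written outside the user's home (the `GNUPGHOME=$XDG_CONFIG_HOME/gnupg` prefix removed at L20 shows the same assumption). Prefer a fact with an explicit default, e.g. `dest: "{{ ansible_env.XDG_CONFIG_HOME | default(ansible_env.HOME ~ '/.config') }}/gnupg/gen-key-script-{{ gpg_user }}"`, or resolve the directory once with `gpgconf --list-dirs homedir` and register it. `mode: 0600` at L49 only works because the YAML loader reads the leading-zero literal as octal; quote it (`mode: "0600"`) as the module documentation recommends. The detection task at L24-L28 uses `ignore_errors: true`, which still prints a failure and treats a broken `gpg --list-secret-keys` as "no key" because stdout is empty; `failed_when: false` plus a stricter match such as `gpg --list-secret-keys --with-colons | grep -F '<{{ gpg_useremail }}>'` is safer, and the nine identical `when:` lines from L34 to L64 could become a single `block:` with one `when:`. The surrounding context of this hunk is cut in the view, so the enclosing task list continues outside it.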
- name: Add systemd overrides
template:
src: "systemd/{{ item }}.conf.j2"
state: restarted
name: "{{ item }}.socket"
loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+- name: clone password store
+ register: clone_password_store
+ shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"
+ changed_when: clone_password_store is defined and "stdout" in clone_password_store and clone_password_store.stdout != ""
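Review bot: The `cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store` at L87 joins the two commands with `;`, so when `ANSIBLE_CONFIG` is unset or the directory change fails, the submodule update still runs from whatever the current working directory happens to be. Use `&&` and quote the expansion: `shell: 'cd "$(dirname "$ANSIBLE_CONFIG")" && git submodule update --init password_store'`. It is not visible from the hunk whether this task targets the controller (where `ANSIBLE_CONFIG` is set) or the managed host; if the latter, a `delegate_to: localhost` is presumably needed. The `changed_when` at L88 keys on any stdout, which presumably matches git's checkout message but would also fire on warnings.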