[perso/Immae/Config/Ansible.git] / roles / gnupg / tasks / main.yml

---
- name: Config dirs
  file:
    state: directory
    path: "$XDG_CONFIG_HOME/{{ gnupg_config_item }}"
    mode: 0700
  loop:
    - gnupg
  loop_control:
    loop_var: gnupg_config_item
- name: Config files
  copy:
    src: "gnupg/{{ gnupg_config_item }}"
    dest: "$XDG_CONFIG_HOME/gnupg/{{ gnupg_config_item }}"
  loop:
    - gpg-agent.conf
    - gpg.conf
  loop_control:
    loop_var: gnupg_config_item
- name: Get gnupg runtime folder name
  shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
  register: gnupg_runtime_dir_cmd
  changed_when: false
  check_mode: no
- name: check existing secret key
  shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
  changed_when: false
  ignore_errors: true
  register: gpgkeys
  check_mode: no
- name: Ask for gpg password
  when: gpgkeys.stdout == ""
  block:
    - name: Ask for gpg password
      pause:
        prompt: "Chose gpg password"
        echo: false
      register: gpg_password
    - name: Confirm gpg password
      pause:
        prompt: "Confirm gpg password"
        echo: false
      register: gpg_password_confirm
    - name: check gpg password
      assert:
        that: gpg_password_confirm.user_input == gpg_password.user_input
- name: Generate gpg key
  when: gpgkeys.stdout == ""
  block:
    - name: Copy default template for gpg key generation
      template:
        src: gen-key-script.j2
        dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
        mode: 0600
      no_log: true
    - name: Generate gpg key
      command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
      register: genkey
  always:
    - name: Remove template file
      file:
        path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
        state: absent
- name: get keygrip
  shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
  register: keygrip
  when: gpgkeys.stdout == ""
  notify:
    - notify add key to immae@immae.eu
    - send key to immae@immae.eu
    - notify add key to password store
- meta: flush_handlers
- name: add keygrip to sshcontrol
  lineinfile:
    line: "{{ keygrip.stdout }}"
    insertafter: EOF
    dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
    create: true
    state: present
  when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
  notify:
    - restart gpg-agent
- meta: flush_handlers
- name: Override the gpg socket directory
  block:
    - name: Add systemd overrides
      template:
        src: "systemd/{{ systemd_item }}.conf.j2"
        dest: "$XDG_CONFIG_HOME/systemd/user/{{ systemd_item }}.socket.d/override.conf"
      register: results
      loop:
        - dirmngr
        - gpg-agent
        - gpg-agent-browser
        - gpg-agent-extra
        - gpg-agent-ssh
      loop_control:
        loop_var: systemd_item
    - name: Restart systemd units
      systemd:
        daemon_reload: true
        scope: user
        state: restarted
        name: "{{ restart_systemd_item }}.socket"
      loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
      loop_control:
        loop_var: restart_systemd_item
Commit	Line	Data
397c4fed	1	---
587b6dd6 IB	2	- name: Config dirs
	3	file:
	4	state: directory
	5	path: "$XDG_CONFIG_HOME/{{ gnupg_config_item }}"
	6	mode: 0700
	7	loop:
	8	- gnupg
	9	loop_control:
	10	loop_var: gnupg_config_item
397c4fed	11	- name: Config files
eac82f28 IB	12	copy:
	13	src: "gnupg/{{ gnupg_config_item }}"
	14	dest: "$XDG_CONFIG_HOME/gnupg/{{ gnupg_config_item }}"
	15	loop:
	16	- gpg-agent.conf
	17	- gpg.conf
	18	loop_control:
	19	loop_var: gnupg_config_item
397c4fed	20	- name: Get gnupg runtime folder name
b6984948	21	shell: 'gpgconf --list-dirs socketdir \| sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
397c4fed	22	register: gnupg_runtime_dir_cmd
b6984948	23	changed_when: false
d03cede6	24	check_mode: no
b6984948 IB	25	- name: check existing secret key
	26	shell: "gpg --list-secret-keys \| grep '{{ gpg_useremail }}'"
	27	changed_when: false
	28	ignore_errors: true
	29	register: gpgkeys
d03cede6	30	check_mode: no
cf86d448 IB	31	- name: Ask for gpg password
	32	when: gpgkeys.stdout == ""
	33	block:
	34	- name: Ask for gpg password
	35	pause:
	36	prompt: "Chose gpg password"
	37	echo: false
	38	register: gpg_password
	39	- name: Confirm gpg password
	40	pause:
	41	prompt: "Confirm gpg password"
	42	echo: false
	43	register: gpg_password_confirm
	44	- name: check gpg password
	45	assert:
	46	that: gpg_password_confirm.user_input == gpg_password.user_input
	47	- name: Generate gpg key
	48	when: gpgkeys.stdout == ""
	49	block:
	50	- name: Copy default template for gpg key generation
	51	template:
	52	src: gen-key-script.j2
	53	dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
	54	mode: 0600
	55	no_log: true
	56	- name: Generate gpg key
	57	command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
	58	register: genkey
	59	always:
	60	- name: Remove template file
	61	file:
	62	path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
	63	state: absent
b6984948 IB	64	- name: get keygrip
	65	shell: "gpg -K --with-colons {{ gpg_useremail }} \| grep '^grp' \| cut -d':' -f10"
	66	register: keygrip
cf86d448	67	when: gpgkeys.stdout == ""
b6984948 IB	68	notify:
	69	- notify add key to immae@immae.eu
	70	- send key to immae@immae.eu
	71	- notify add key to password store
eac82f28	72	- meta: flush_handlers
b6984948 IB	73	- name: add keygrip to sshcontrol
	74	lineinfile:
	75	line: "{{ keygrip.stdout }}"
	76	insertafter: EOF
	77	dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
	78	create: true
	79	state: present
	80	when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
	81	notify:
	82	- restart gpg-agent
eac82f28	83	- meta: flush_handlers
cf86d448 IB	84	- name: Override the gpg socket directory
	85	block:
	86	- name: Add systemd overrides
	87	template:
eac82f28 IB	88	src: "systemd/{{ systemd_item }}.conf.j2"
eac82f28 IB	89	dest: "$XDG_CONFIG_HOME/systemd/user/{{ systemd_item }}.socket.d/override.conf"
cf86d448 IB	90	register: results
	91	loop:
	92	- dirmngr
	93	- gpg-agent
	94	- gpg-agent-browser
	95	- gpg-agent-extra
	96	- gpg-agent-ssh
eac82f28 IB	97	loop_control:
eac82f28 IB	98	loop_var: systemd_item
cf86d448 IB	99	- name: Restart systemd units
	100	systemd:
	101	daemon_reload: true
	102	scope: user
	103	state: restarted
eac82f28	104	name: "{{ restart_systemd_item }}.socket"
cf86d448	105	loop: "{{ results.results\|selectattr('changed')\|map(attribute='item')\|list }}"
eac82f28 IB	106	loop_control:
eac82f28 IB	107	loop_var: restart_systemd_item