projects / perso / Immae / Config / Ansible.git / blame
| Commit | Line | Data |
|---|---|---|
| 397c4fed | 1 | --- |
| 587b6dd6 IB |
2 | - name: Config dirs |
| 3 | file: | |
| 4 | state: directory | |
| e1c588d3 | 5 | path: "$XDG_CONFIG_HOME/{{ item }}" |
| 587b6dd6 IB |
6 | mode: 0700 |
| 7 | loop: | |
| 8 | - gnupg | |
| 397c4fed | 9 | - name: Config files |
| eac82f28 | 10 | copy: |
| e1c588d3 IB |
11 | src: "gnupg/{{ item }}" |
| 12 | dest: "$XDG_CONFIG_HOME/gnupg/{{ item }}" | |
| eac82f28 IB |
13 | loop: |
| 14 | - gpg-agent.conf | |
| dfd05afe IB |
15 | - name: gpg config file |
| 16 | template: | |
| 17 | src: "gpg.conf.j2" | |
| 18 | dest: "$XDG_CONFIG_HOME/gnupg/gpg.conf" | |
| 397c4fed | 19 | - name: Get gnupg runtime folder name |
| b6984948 | 20 | shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"' |
| 397c4fed | 21 | register: gnupg_runtime_dir_cmd |
| b6984948 | 22 | changed_when: false |
| d03cede6 | 23 | check_mode: no |
| b6984948 IB |
24 | - name: check existing secret key |
| 25 | shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'" | |
| 26 | changed_when: false | |
| 27 | ignore_errors: true | |
| 28 | register: gpgkeys | |
| d03cede6 | 29 | check_mode: no |
| cf86d448 IB |
30 | - name: Ask for gpg password |
| 31 | when: gpgkeys.stdout == "" | |
| 32 | block: | |
| 33 | - name: Ask for gpg password | |
| 34 | pause: | |
| 35 | prompt: "Chose gpg password" | |
| 36 | echo: false | |
| 37 | register: gpg_password | |
| 38 | - name: Confirm gpg password | |
| 39 | pause: | |
| 40 | prompt: "Confirm gpg password" | |
| 41 | echo: false | |
| 42 | register: gpg_password_confirm | |
| 43 | - name: check gpg password | |
| 44 | assert: | |
| 45 | that: gpg_password_confirm.user_input == gpg_password.user_input | |
| 46 | - name: Generate gpg key | |
| 47 | when: gpgkeys.stdout == "" | |
| 48 | block: | |
| 49 | - name: Copy default template for gpg key generation | |
| 50 | template: | |
| 51 | src: gen-key-script.j2 | |
| 52 | dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" | |
| 53 | mode: 0600 | |
| 54 | no_log: true | |
| 55 | - name: Generate gpg key | |
| 56 | command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" | |
| 57 | register: genkey | |
| 58 | always: | |
| 59 | - name: Remove template file | |
| 60 | file: | |
| 61 | path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}" | |
| 62 | state: absent | |
| b6984948 IB |
63 | - name: get keygrip |
| 64 | shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10" | |
| 65 | register: keygrip | |
| cf86d448 | 66 | when: gpgkeys.stdout == "" |
| b6984948 IB |
67 | notify: |
| 68 | - notify add key to immae@immae.eu | |
| 69 | - send key to immae@immae.eu | |
| 70 | - notify add key to password store | |
| eac82f28 | 71 | - meta: flush_handlers |
| b6984948 IB |
72 | - name: add keygrip to sshcontrol |
| 73 | lineinfile: | |
| 74 | line: "{{ keygrip.stdout }}" | |
| 75 | insertafter: EOF | |
| 76 | dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol" | |
| 77 | create: true | |
| 78 | state: present | |
| 79 | when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != "" | |
| 80 | notify: | |
| 81 | - restart gpg-agent | |
| eac82f28 | 82 | - meta: flush_handlers |
| cf86d448 IB |
83 | - name: Override the gpg socket directory |
| 84 | block: | |
| 85 | - name: Add systemd overrides | |
| 86 | template: | |
| e1c588d3 IB |
87 | src: "systemd/{{ item }}.conf.j2" |
| 88 | dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf" | |
| cf86d448 IB |
89 | register: results |
| 90 | loop: | |
| 91 | - dirmngr | |
| 92 | - gpg-agent | |
| 93 | - gpg-agent-browser | |
| 94 | - gpg-agent-extra | |
| 95 | - gpg-agent-ssh | |
| 96 | - name: Restart systemd units | |
| 97 | systemd: | |
| 98 | daemon_reload: true | |
| 99 | scope: user | |
| 100 | state: restarted | |
| e1c588d3 | 101 | name: "{{ item }}.socket" |
| cf86d448 | 102 | loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}" |