roles/gnupg/tasks/main.yml

   1 ---
   2 - name: Config dirs
   3   file:
   4     state: directory
   5     path: "$XDG_CONFIG_HOME/{{ gnupg_config_item }}"
   6     mode: 0700
   7   loop:
   8     - gnupg
   9   loop_control:
  10     loop_var: gnupg_config_item
  11 - name: Config files
  12   copy:
  13     src: "gnupg/{{ gnupg_config_item }}"
  14     dest: "$XDG_CONFIG_HOME/gnupg/{{ gnupg_config_item }}"
  15   loop:
  16     - gpg-agent.conf
  17     - gpg.conf
  18   loop_control:
  19     loop_var: gnupg_config_item
  20 - name: Get gnupg runtime folder name
  21   shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
  22   register: gnupg_runtime_dir_cmd
  23   changed_when: false
  24   check_mode: no
  25 - name: check existing secret key
  26   shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
  27   changed_when: false
  28   ignore_errors: true
  29   register: gpgkeys
  30   check_mode: no
  31 - name: Ask for gpg password
  32   when: gpgkeys.stdout == ""
  33   block:
  34     - name: Ask for gpg password
  35       pause:
  36         prompt: "Chose gpg password"
  37         echo: false
  38       register: gpg_password
  39     - name: Confirm gpg password
  40       pause:
  41         prompt: "Confirm gpg password"
  42         echo: false
  43       register: gpg_password_confirm
  44     - name: check gpg password
  45       assert:
  46         that: gpg_password_confirm.user_input == gpg_password.user_input
  47 - name: Generate gpg key
  48   when: gpgkeys.stdout == ""
  49   block:
  50     - name: Copy default template for gpg key generation
  51       template:
  52         src: gen-key-script.j2
  53         dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
  54         mode: 0600
  55       no_log: true
  56     - name: Generate gpg key
  57       command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
  58       register: genkey
  59   always:
  60     - name: Remove template file
  61       file:
  62         path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
  63         state: absent
  64 - name: get keygrip
  65   shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
  66   register: keygrip
  67   when: gpgkeys.stdout == ""
  68   notify:
  69     - notify add key to immae@immae.eu
  70     - send key to immae@immae.eu
  71     - notify add key to password store
  72 - meta: flush_handlers
  73 - name: add keygrip to sshcontrol
  74   lineinfile:
  75     line: "{{ keygrip.stdout }}"
  76     insertafter: EOF
  77     dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
  78     create: true
  79     state: present
  80   when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
  81   notify:
  82     - restart gpg-agent
  83 - meta: flush_handlers
  84 - name: Override the gpg socket directory
  85   block:
  86     - name: Add systemd overrides
  87       template:
  88         src: "systemd/{{ systemd_item }}.conf.j2"
  89         dest: "$XDG_CONFIG_HOME/systemd/user/{{ systemd_item }}.socket.d/override.conf"
  90       register: results
  91       loop:
  92         - dirmngr
  93         - gpg-agent
  94         - gpg-agent-browser
  95         - gpg-agent-extra
  96         - gpg-agent-ssh
  97       loop_control:
  98         loop_var: systemd_item
  99     - name: Restart systemd units
 100       systemd:
 101         daemon_reload: true
 102         scope: user
 103         state: restarted
 104         name: "{{ restart_systemd_item }}.socket"
 105       loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
 106       loop_control:
 107         loop_var: restart_systemd_item