8 dest: /$XDG_CONFIG_HOME/
9 - name: Protect directory
11 path: $XDG_CONFIG_HOME/gnupg
14 - name: Get gnupg runtime folder name
15 shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
16 register: gnupg_runtime_dir_cmd
18 - name: check existing secret key
19 shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
23 - name: ask for gpg password
25 prompt: "Chose gpg password"
27 register: gpg_password
28 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
29 - name: confirm gpg password
31 prompt: "Confirm gpg password"
33 register: gpg_password_confirm
34 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
35 - name: check gpg password
37 that: gpg_password_confirm.user_input == gpg_password.user_input
38 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
39 - name: copy default template for gpg key generation
41 src: gen-key-script.j2
42 dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
45 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
46 - name: generate gpg key
47 command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
48 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
50 - name: remove template file
52 path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
54 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
56 shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
58 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
60 - notify add key to immae@immae.eu
61 - send key to immae@immae.eu
62 - notify add key to password store
63 - name: add keygrip to sshcontrol
65 line: "{{ keygrip.stdout }}"
67 dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
70 when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
73 - name: Add systemd overrides
75 src: "systemd/{{ item }}.conf.j2"
76 dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
84 - name: Restart systemd units
89 name: "{{ item }}.socket"
90 loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
91 - name: clone password store
92 register: clone_password_store
93 shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"
94 changed_when: clone_password_store is defined and "stdout" in clone_password_store and clone_password_store.stdout != ""