8 dest: /$XDG_CONFIG_HOME/
# Judging by its name, this task locks down the GnuPG home directory that
# lives under $XDG_CONFIG_HOME. The module name and its other arguments are
# on lines this listing does not show.
# NOTE(review): gpg warns about unsafe homedir permissions unless the
# directory is owner-only (0700) - confirm the hidden lines set that mode.
9 - name: Protect directory
11 path: $XDG_CONFIG_HOME/gnupg
# Asks gpgconf for the agent socket directory and removes the first
# occurrence of "$XDG_RUNTIME_DIR/gnupg/" from it; the command result is
# registered as gnupg_runtime_dir_cmd.
# NOTE(review): the pipeline's exit status is sed's, so a gpgconf failure
# produces an empty stdout rather than a failed task unless pipefail is set.
14 - name: Get gnupg runtime folder name
15 shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
16 register: gnupg_runtime_dir_cmd
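# Looks for an existing secret key belonging to gpg_useremail. The when:
# conditions of the following tasks read gpgkeys.stdout, so the result is
# presumably registered as gpgkeys on a line this listing does not show.
# The address goes through the quote filter and is matched with grep -F, so
# it reaches the shell as one literal word and is compared as a fixed
# string rather than as a regular expression.
# NOTE(review): grep exits non-zero when nothing matches, and a gpg error
# also leaves stdout empty - confirm the hidden lines tolerate the former
# and that the latter cannot be mistaken for "no key yet".
19 - name: check existing secret key
20 shell: "gpg --list-secret-keys | grep -F -- {{ gpg_useremail | quote }}"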
# Prompts for the passphrase of the key about to be generated, and only
# when the earlier lookup found no secret key (gpgkeys.stdout is empty).
# The answer is registered as gpg_password; the comparison task reads it
# back as gpg_password.user_input.
# NOTE(review): the module name and its options are on hidden lines -
# confirm the prompt runs with echo disabled, and consider no_log: true on
# every task that touches this variable so the passphrase stays out of logs.
25 - name: ask for gpg password
27 prompt: "Chose gpg password"
29 register: gpg_password
30 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
# Second prompt for the same passphrase, registered as
# gpg_password_confirm so a typo can be caught before the key is created.
# Runs under the same "no secret key yet" condition as the first prompt.
# NOTE(review): same caveat as the first prompt - echo should be disabled
# on the hidden lines and the registered value kept out of logs.
31 - name: confirm gpg password
33 prompt: "Confirm gpg password"
35 register: gpg_password_confirm
36 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
# Compares the two passphrase entries (.user_input of both prompts). The
# that: key suggests an assert on a hidden line, which would stop the play
# when they differ - TODO confirm.
# NOTE(review): the expression references both secrets; no_log: true here
# keeps them out of verbose output.
37 - name: check gpg password
39 that: gpg_password_confirm.user_input == gpg_password.user_input
40 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
# Renders gen-key-script.j2 to a per-user parameter file inside the GnuPG
# home; the following tasks pass that file to gpg --batch --gen-key and
# then delete it.
# NOTE(review): the template itself is not shown, but it presumably embeds
# the passphrase collected by the prompts. Confirm the hidden lines set
# mode 0600, and consider no_log: true and diff: false so that a --diff run
# does not print the rendered content.
41 - name: copy default template for gpg key generation
43 src: gen-key-script.j2
44 dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
47 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
# Generates the key unattended from the rendered parameter file, through
# the command module (no shell involved). Skipped when a secret key for the
# user already exists.
# NOTE(review): if this task fails, the play stops before the cleanup task
# runs and the parameter file stays on disk. Wrapping render / generate /
# remove in a block: with the removal under always: would guarantee cleanup.
48 - name: generate gpg key
49 command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
50 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
# Cleans up the per-user key-generation parameter file once gpg has run.
# The module and state are on hidden lines - presumably file with
# state: absent, TODO confirm.
# NOTE(review): this is the only visible removal of a file that may hold
# the passphrase, so it should run even when key generation fails.
52 - name: remove template file
54 path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
56 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
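# Extracts the keygrip for gpg_useremail: field 10 of the "grp" records in
# gpg's colon-delimited secret-key listing. The sshcontrol task reads
# keygrip.stdout, so the result is presumably registered as keygrip on a
# line this listing does not show (the task's name line is hidden as well).
# The address goes through the quote filter so it reaches the shell as a
# single literal word.
# NOTE(review): a key with subkeys prints one grp record per (sub)key, so
# stdout may hold several lines - confirm that is what sshcontrol should get.
58 shell: "gpg -K --with-colons {{ gpg_useremail | quote }} | grep '^grp' | cut -d':' -f10"
60 when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""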
62 - notify add key to immae@immae.eu
63 - send key to immae@immae.eu
64 - notify add key to password store
# Writes the captured keygrip as a line of gpg-agent's sshcontrol file,
# the list of keys the agent offers for SSH authentication. Skipped when no
# keygrip was captured (keygrip undefined or its stdout empty).
# The module name is on a hidden line; line:/dest: suggest lineinfile -
# TODO confirm.
# NOTE(review): every keygrip listed here becomes usable for SSH logins
# through the agent, so the value should be exactly one expected keygrip.
65 - name: add keygrip to sshcontrol
67 line: "{{ keygrip.stdout }}"
69 dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
72 when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
# Renders one override.conf drop-in per item into the user-level systemd
# directory of the matching <item>.socket unit, from systemd/<item>.conf.j2.
# The loop list and the register are on hidden lines; the restart task
# reads results.results, so the outcome is presumably registered as results.
75 - name: Add systemd overrides
77 src: "systemd/{{ item }}.conf.j2"
78 dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
# Acts on the socket units whose override file changed: the loop keeps the
# entries of results.results flagged as changed and maps each back to its
# original item. The module and its state are on hidden lines; the task
# name says the units are restarted - TODO confirm.
86 - name: Restart systemd units
91 name: "{{ item }}.socket"
92 loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
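# Initialises the password_store git submodule from the directory that
# holds the Ansible configuration file ($ANSIBLE_CONFIG). The task reports
# "changed" only when git printed something on stdout.
# The cd is chained with && and its argument is quoted, so git does not run
# when the cd fails and a path containing spaces survives word splitting.
93 - name: clone password store
94 register: clone_password_store
95 shell: 'cd "$(dirname "$ANSIBLE_CONFIG")" && git submodule update --init password_store'
96 changed_when: clone_password_store is defined and "stdout" in clone_password_store and clone_password_store.stdout != ""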