Add a tag to prevent gpg-related actions during the home bootstrap
index 183dd7dd243d5b406c047fb1fed1df43be9fb6f1..84957cf549ff6c1ec593548b2333481bfcd838f9 100644 (file)
@@ -1,31 +1,35 @@
 ---
+- name: Config dirs
+  file:
+    state: directory
+    path: "$XDG_CONFIG_HOME/{{ item }}"
+    mode: 0700
+  loop:
+    - gnupg
 - name: Config files
   copy:
-    src: "gnupg/{{ gnupg_config_item }}"
-    dest: "$XDG_CONFIG_HOME/gnupg/{{ gnupg_config_item }}"
+    src: "gnupg/{{ item }}"
+    dest: "$XDG_CONFIG_HOME/gnupg/{{ item }}"
   loop:
     - gpg-agent.conf
-    - gpg.conf
-  loop_control:
-    loop_var: gnupg_config_item
-- name: Protect directory
-  file:
-    path: $XDG_CONFIG_HOME/gnupg
-    state: directory
-    mode: 0700
+- name: gpg config file
+  template:
+    src: "gpg.conf.j2"
+    dest: "$XDG_CONFIG_HOME/gnupg/gpg.conf"
 - name: Get gnupg runtime folder name
   shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
   register: gnupg_runtime_dir_cmd
   changed_when: false
   check_mode: no
 - name: check existing secret key
+  tags: ["no_bootstrap"]
   shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
   changed_when: false
   ignore_errors: true
   register: gpgkeys
   check_mode: no
 - name: Ask for gpg password
-  when: gpgkeys.stdout == ""
+  when: gpgkeys is defined and gpgkeys.stdout == ""
   block:
     - name: Ask for gpg password
       pause:
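Review bot: The bootstrap skip is implicit: only the `check existing secret key` task carries `tags: ["no_bootstrap"]`, and `Ask for gpg password`, `Generate gpg key` and `get keygrip` (the `when:` lines changed here and in the next two hunks) are skipped only because `gpgkeys` is never registered when that task is filtered out by `--skip-tags`. Giving those three tasks the same `tags: ["no_bootstrap"]` makes the intent explicit and keeps them skipped even if someone later gives `gpgkeys` a default, or skips the check with a `when:` instead of a tag, in which case the registered result would presumably carry no `stdout` and the `==` comparison would error rather than skip. Separately, the new `mode: 0700` on the `Config dirs` task is an unquoted YAML octal; it works because Ansible accepts the leading-zero form, but `mode: "0700"` is the documented spelling and survives reformatting. The `Ask for gpg password` block continues past the end of this hunk.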
@@ -41,7 +45,7 @@
       assert:
         that: gpg_password_confirm.user_input == gpg_password.user_input
 - name: Generate gpg key
-  when: gpgkeys.stdout == ""
+  when: gpgkeys is defined and gpgkeys.stdout == ""
   block:
     - name: Copy default template for gpg key generation
       template:
@@ -60,7 +64,7 @@
 - name: get keygrip
   shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
   register: keygrip
-  when: gpgkeys.stdout == ""
+  when: gpgkeys is defined and gpgkeys.stdout == ""
   notify:
     - notify add key to immae@immae.eu
     - send key to immae@immae.eu
 - meta: flush_handlers
 - name: Override the gpg socket directory
   block:
+    - name: Add systemd overrides directory
+      file:
+        path: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d"
+        state: directory
+      loop:
+        - dirmngr
+        - gpg-agent
+        - gpg-agent-browser
+        - gpg-agent-extra
+        - gpg-agent-ssh
     - name: Add systemd overrides
       template:
-        src: "systemd/{{ systemd_item }}.conf.j2"
-        dest: "$XDG_CONFIG_HOME/systemd/user/{{ systemd_item }}.socket.d/override.conf"
+        src: "systemd/{{ item }}.conf.j2"
+        dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
       register: results
       loop:
         - dirmngr
         - gpg-agent-browser
         - gpg-agent-extra
         - gpg-agent-ssh
-      loop_control:
-        loop_var: systemd_item
     - name: Restart systemd units
       systemd:
         daemon_reload: true
         scope: user
         state: restarted
-        name: "{{ restart_systemd_item }}.socket"
+        name: "{{ item }}.socket"
       loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
-      loop_control:
-        loop_var: restart_systemd_item
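Review bot: The new `Add systemd overrides directory` loop lists `gpg-agent`, but the `Add systemd overrides` template loop it prepares directories for does not, so a run creates an empty `gpg-agent.socket.d` with no `override.conf` in it. Either drop `gpg-agent` from the directory loop or add it to the template loop so the two lists stay in step, and a one-line comment on the directory task such as `# one .socket.d per unit that gets an override below` would keep them from drifting again. The hunk header for this span is not visible on the page, so the hunk may extend beyond the last line shown.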