Use check_mode for commands

[perso/Immae/Config/Ansible.git] / roles / gnupg / tasks / main.yml

diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml
index 8adaf697719016f39db9bd1e730a745c6899d813..ef61fede378775b84065dc3f758b60b3ab743449 100644 (file)
--- a/roles/gnupg/tasks/main.yml
+++ b/roles/gnupg/tasks/main.yml
@@ -12,8 +12,66 @@
     state: directory
     mode: 0700
 - name: Get gnupg runtime folder name
-  shell: 'GNUPGHOME=$XDG_CONFIG_HOME/gnupg gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
+  shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
   register: gnupg_runtime_dir_cmd
+  changed_when: false
+  check_mode: no
+- name: check existing secret key
+  shell: "gpg --list-secret-keys | grep '{{ gpg_useremail }}'"
+  changed_when: false
+  ignore_errors: true
+  register: gpgkeys
+  check_mode: no
+- name: ask for gpg password
+  pause:
+    prompt: "Chose gpg password"
+    echo: false
+  register: gpg_password
+  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: confirm gpg password
+  pause:
+    prompt: "Confirm gpg password"
+    echo: false
+  register: gpg_password_confirm
+  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: check gpg password
+  assert:
+    that: gpg_password_confirm.user_input == gpg_password.user_input
+  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: copy default template for gpg key generation
+  template:
+    src: gen-key-script.j2
+    dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+    mode: 0600
+  no_log: true
+  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: generate gpg key
+  command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+  register: genkey
+- name: remove template file
+  file:
+    path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+    state: absent
+  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: get keygrip
+  shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
+  register: keygrip
+  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+  notify:
+    - notify add key to immae@immae.eu
+    - send key to immae@immae.eu
+    - notify add key to password store
+- name: add keygrip to sshcontrol
+  lineinfile:
+    line: "{{ keygrip.stdout }}"
+    insertafter: EOF
+    dest: "$XDG_CONFIG_HOME/gnupg/sshcontrol"
+    create: true
+    state: present
+  when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
+  notify:
+    - restart gpg-agent
 - name: Add systemd overrides
   template:
     src: "systemd/{{ item }}.conf.j2"
@@ -32,3 +90,7 @@
     state: restarted
     name: "{{ item }}.socket"
   loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+- name: clone password store
+  register: clone_password_store
+  shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"
+  changed_when: clone_password_store is defined and "stdout" in clone_password_store and clone_password_store.stdout != ""