Validation initiale

8 files changed, 60 insertions, 0 deletions

diff --git a/roles/gnupg/files/gnupg/gpg-agent.conf b/roles/gnupg/files/gnupg/gpg-agent.conf
new file mode 100644
index 0000000..3c4e379
--- /dev/null
+++ b/roles/gnupg/files/gnupg/gpg-agent.conf
@@ -0,0 +1,4 @@
+pinentry-program /usr/bin/pinentry
+allow-loopback-pinentry
+enable-ssh-support
+allow-preset-passphrase
diff --git a/roles/gnupg/files/gnupg/gpg.conf b/roles/gnupg/files/gnupg/gpg.conf
new file mode 100644
index 0000000..17bc522
--- /dev/null
+++ b/roles/gnupg/files/gnupg/gpg.conf
@@ -0,0 +1,7 @@
+# Main signing key
+default-key  DB1CFE90
+
+default-recipient-self
+encrypt-to 0326A611
+auto-key-retrieve
+no-greeting
diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml
new file mode 100644
index 0000000..8adaf69
--- /dev/null
+++ b/roles/gnupg/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: Config files
+  synchronize:
+    recursive: yes
+    archive: no
+    checksum: yes
+    src: gnupg
+    dest: /$XDG_CONFIG_HOME/
+- name: Protect directory
+  file:
+    path: $XDG_CONFIG_HOME/gnupg
+    state: directory
+    mode: 0700
+- name: Get gnupg runtime folder name
+  shell: 'GNUPGHOME=$XDG_CONFIG_HOME/gnupg gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
+  register: gnupg_runtime_dir_cmd
+- name: Add systemd overrides
+  template:
+    src: "systemd/{{ item }}.conf.j2"
+    dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
+  register: results
+  loop:
+    - dirmngr
+    - gpg-agent
+    - gpg-agent-browser
+    - gpg-agent-extra
+    - gpg-agent-ssh
+- name: Restart systemd units
+  systemd:
+    daemon_reload: true
+    scope: user
+    state: restarted
+    name: "{{ item }}.socket"
+  loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
diff --git a/roles/gnupg/templates/systemd/dirmngr.conf.j2 b/roles/gnupg/templates/systemd/dirmngr.conf.j2
new file mode 100644
index 0000000..9083ab5
--- /dev/null
+++ b/roles/gnupg/templates/systemd/dirmngr.conf.j2
@@ -0,0 +1,3 @@
+[Socket]
+ListenStream=
+ListenStream=%t/gnupg/{{ gnupg_runtime_dir_cmd.get('stdout', debug_gnupg_runtime_dir) }}/S.dirmngr
diff --git a/roles/gnupg/templates/systemd/gpg-agent-browser.conf.j2 b/roles/gnupg/templates/systemd/gpg-agent-browser.conf.j2
new file mode 100644
index 0000000..61ddeb6
--- /dev/null
+++ b/roles/gnupg/templates/systemd/gpg-agent-browser.conf.j2
@@ -0,0 +1,3 @@
+[Socket]
+ListenStream=
+ListenStream=%t/gnupg/{{ gnupg_runtime_dir_cmd.get('stdout', debug_gnupg_runtime_dir) }}/S.gpg-agent.browser
diff --git a/roles/gnupg/templates/systemd/gpg-agent-extra.conf.j2 b/roles/gnupg/templates/systemd/gpg-agent-extra.conf.j2
new file mode 100644
index 0000000..f34606c
--- /dev/null
+++ b/roles/gnupg/templates/systemd/gpg-agent-extra.conf.j2
@@ -0,0 +1,3 @@
+[Socket]
+ListenStream=
+ListenStream=%t/gnupg/{{ gnupg_runtime_dir_cmd.get('stdout', debug_gnupg_runtime_dir) }}/S.gpg-agent.extra
diff --git a/roles/gnupg/templates/systemd/gpg-agent-ssh.conf.j2 b/roles/gnupg/templates/systemd/gpg-agent-ssh.conf.j2
new file mode 100644
index 0000000..b7cd0c2
--- /dev/null
+++ b/roles/gnupg/templates/systemd/gpg-agent-ssh.conf.j2
@@ -0,0 +1,3 @@
+[Socket]
+ListenStream=
+ListenStream=%t/gnupg/{{ gnupg_runtime_dir_cmd.get('stdout', debug_gnupg_runtime_dir) }}/S.gpg-agent.ssh
diff --git a/roles/gnupg/templates/systemd/gpg-agent.conf.j2 b/roles/gnupg/templates/systemd/gpg-agent.conf.j2
new file mode 100644
index 0000000..666c22e
--- /dev/null
+++ b/roles/gnupg/templates/systemd/gpg-agent.conf.j2
@@ -0,0 +1,3 @@
+[Socket]
+ListenStream=
+ListenStream=%t/gnupg/{{ gnupg_runtime_dir_cmd.get('stdout', debug_gnupg_runtime_dir) }}/S.gpg-agent