authorIsmaël Bouya <ismael.bouya@fretlink.com>2018-11-08 09:47:54 +0100
committerIsmaël Bouya <ismael.bouya@fretlink.com>2018-11-08 09:47:54 +0100
commitcf86d448f96ede049c04d8165931f92a82f35956 (patch)
tree915a6fd5f4748559abbe74bd9806f5a01eaada73 /roles/gnupg
parentde1c634c1fda61e34522595b40c66af17681bd14 (diff)
Put tasks in blocks
Diffstat (limited to 'roles/gnupg')
-rw-r--r--roles/gnupg/tasks/main.yml105
1 files changed, 54 insertions, 51 deletions
diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml
index ef61fed..a2b9aa6 100644
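--- a/roles/gnupg/tasks/main.yml
+++ b/roles/gnupg/tasks/main.yml
@@ -22,42 +22,43 @@
  ignore_errors: true
  register: gpgkeys
  check_mode: no
-- name: ask for gpg password
- pause:
- prompt: "Chose gpg password"
- echo: false
- register: gpg_password
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: confirm gpg password
- pause:
- prompt: "Confirm gpg password"
- echo: false
- register: gpg_password_confirm
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: check gpg password
- assert:
- that: gpg_password_confirm.user_input == gpg_password.user_input
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: copy default template for gpg key generation
- template:
- src: gen-key-script.j2
- dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
- mode: 0600
- no_log: true
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: generate gpg key
- command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
- register: genkey
-- name: remove template file
- file:
- path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
- state: absent
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: Ask for gpg password
+ when: gpgkeys.stdout == ""
+ block:
+ - name: Ask for gpg password
+ pause:
+ prompt: "Chose gpg password"
+ echo: false
+ register: gpg_password
+ - name: Confirm gpg password
+ pause:
+ prompt: "Confirm gpg password"
+ echo: false
+ register: gpg_password_confirm
+ - name: check gpg password
+ assert:
+ that: gpg_password_confirm.user_input == gpg_password.user_input
+- name: Generate gpg key
+ when: gpgkeys.stdout == ""
+ block:
+ - name: Copy default template for gpg key generation
+ template:
+ src: gen-key-script.j2
+ dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ mode: 0600
+ no_log: true
+ - name: Generate gpg key
+ command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ register: genkey
+ always:
+ - name: Remove template file
+ file:
+ path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+ state: absent
 - name: get keygrip
  shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
  register: keygrip
- when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+ when: gpgkeys.stdout == ""
  notify:
  - notify add key to immae@immae.eu
  - send key to immae@immae.eu
@@ -72,24 +73,26 @@
  when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
  notify:
  - restart gpg-agent
-- name: Add systemd overrides
- template:
- src: "systemd/{{ item }}.conf.j2"
- dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
- register: results
- loop:
- - dirmngr
- - gpg-agent
- - gpg-agent-browser
- - gpg-agent-extra
- - gpg-agent-ssh
-- name: Restart systemd units
- systemd:
- daemon_reload: true
- scope: user
- state: restarted
- name: "{{ item }}.socket"
- loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+- name: Override the gpg socket directory
+ block:
+ - name: Add systemd overrides
+ template:
+ src: "systemd/{{ item }}.conf.j2"
+ dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
+ register: results
+ loop:
+ - dirmngr
+ - gpg-agent
+ - gpg-agent-browser
+ - gpg-agent-extra
+ - gpg-agent-ssh
+ - name: Restart systemd units
+ systemd:
+ daemon_reload: true
+ scope: user
+ state: restarted
+ name: "{{ item }}.socket"
+ loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
 - name: clone password store
  register: clone_password_store
  shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"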
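Review bot: The two `pause` tasks and the `assert` in the new "Ask for gpg password" block handle the passphrase without `no_log: true`; only the template task in the following block sets it. `echo: false` hides the typing at the prompt, but the registered `user_input` may still show up in task results at higher verbosity or in log/callback output, so adding `no_log: true` once at the block level (next to `when: gpgkeys.stdout == ""`) would cover all three tasks. Separately, the shortened `when: gpgkeys.stdout == ""` now depends on the `ignore_errors: true` task above always returning a `stdout` key even when it fails; that task starts outside the hunk, so this should be confirmed there.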