author | Ismaël Bouya <ismael.bouya@fretlink.com> | 2018-11-08 09:47:54 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@fretlink.com> | 2018-11-08 09:47:54 +0100 |
commit | cf86d448f96ede049c04d8165931f92a82f35956 (patch) | |
tree | 915a6fd5f4748559abbe74bd9806f5a01eaada73 /roles/gnupg | |
parent | de1c634c1fda61e34522595b40c66af17681bd14 (diff) | |
Put tasks in blocks
Diffstat (limited to 'roles/gnupg')
-rw-r--r-- | roles/gnupg/tasks/main.yml | 105 |
1 files changed, 54 insertions, 51 deletions
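--- a/roles/gnupg/tasks/main.yml
+++ b/roles/gnupg/tasks/main.yml
@@ -22,42 +22,43 @@
 ignore_errors: true
 register: gpgkeys
 check_mode: no
-- name: ask for gpg password
-pause:
-prompt: "Chose gpg password"
-echo: false
-register: gpg_password
-when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: confirm gpg password
-pause:
-prompt: "Confirm gpg password"
-echo: false
-register: gpg_password_confirm
-when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: check gpg password
-assert:
-that: gpg_password_confirm.user_input == gpg_password.user_input
-when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: copy default template for gpg key generation
-template:
-src: gen-key-script.j2
-dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
-mode: 0600
-no_log: true
-when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-- name: generate gpg key
-command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
-when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
-register: genkey
-- name: remove template file
-file:
-path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
-state: absent
-when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+- name: Ask for gpg password
+when: gpgkeys.stdout == ""
+block:
+- name: Ask for gpg password
+pause:
+prompt: "Chose gpg password"
+echo: false
+register: gpg_password
+- name: Confirm gpg password
+pause:
+prompt: "Confirm gpg password"
+echo: false
+register: gpg_password_confirm
+- name: check gpg password
+assert:
+that: gpg_password_confirm.user_input == gpg_password.user_input
+- name: Generate gpg key
+when: gpgkeys.stdout == ""
+block:
+- name: Copy default template for gpg key generation
+template:
+src: gen-key-script.j2
+dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+mode: 0600
+no_log: true
+- name: Generate gpg key
+command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+register: genkey
+always:
+- name: Remove template file
+file:
+path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+state: absent
 - name: get keygrip
 shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
 register: keygrip
-when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+when: gpgkeys.stdout == ""
 notify:
 - notify add key to immae@immae.eu
 - send key to immae@immae.eu
@@ -72,24 +73,26 @@
 when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
 notify:
 - restart gpg-agent
-- name: Add systemd overrides
-template:
-src: "systemd/{{ item }}.conf.j2"
-dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
-register: results
-loop:
-- dirmngr
-- gpg-agent
-- gpg-agent-browser
-- gpg-agent-extra
-- gpg-agent-ssh
-- name: Restart systemd units
-systemd:
-daemon_reload: true
-scope: user
-state: restarted
-name: "{{ item }}.socket"
-loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+- name: Override the gpg socket directory
+block:
+- name: Add systemd overrides
+template:
+src: "systemd/{{ item }}.conf.j2"
+dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
+register: results
+loop:
+- dirmngr
+- gpg-agent
+- gpg-agent-browser
+- gpg-agent-extra
+- gpg-agent-ssh
+- name: Restart systemd units
+systemd:
+daemon_reload: true
+scope: user
+state: restarted
+name: "{{ item }}.socket"
+loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
 - name: clone password store
 register: clone_password_store
 shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"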
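Review bot: The passphrase typed at the two `pause` prompts in the new "Ask for gpg password" block stays in the registered results `gpg_password` and `gpg_password_confirm`, while `no_log: true` is set only on the template task in the second block. `echo: false` hides the keystrokes, but as far as I can tell it does not censor the registered `user_input`, which may appear in verbose output or in a logging callback. Now that the three tasks share a block, `no_log: true` can be set once at block level, next to `when: gpgkeys.stdout == ""`. Separately, the shortened condition drops the `gpgkeys is defined and "stdout" in gpgkeys` guards on both blocks and on `get keygrip`, so these tasks would error rather than skip if the registering task (which starts above the hunk and uses `ignore_errors: true`) ever returns no `stdout`; a one-line comment stating that `stdout` is always present would document the assumption.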