Put tasks in blocks

author: Ismaël Bouya <ismael.bouya@fretlink.com> 2018-11-08 09:47:54 +0100
committer: Ismaël Bouya <ismael.bouya@fretlink.com> 2018-11-08 09:47:54 +0100
commit: cf86d448f96ede049c04d8165931f92a82f35956 (patch)
tree: 915a6fd5f4748559abbe74bd9806f5a01eaada73 /roles/gnupg
parent: de1c634c1fda61e34522595b40c66af17681bd14 (diff)
download: Ansible-cf86d448f96ede049c04d8165931f92a82f35956.tar.gz
Ansible-cf86d448f96ede049c04d8165931f92a82f35956.tar.zst
Ansible-cf86d448f96ede049c04d8165931f92a82f35956.zip
1 files changed, 54 insertions, 51 deletions
diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml
index ef61fed..a2b9aa6 100644
--- a/roles/gnupg/tasks/main.yml
+++ b/roles/gnupg/tasks/main.yml
@@ -22,42 +22,43 @@
  ignore_errors: true
  register: gpgkeys
  check_mode: no
- name: ask for gpg password
+- name: Ask for gpg password
-  pause:
+  when: gpgkeys.stdout == ""
-    prompt: "Chose gpg password"
+  block:
-    echo: false
+    - name: Ask for gpg password
-  register: gpg_password
+      pause:
-  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+        prompt: "Chose gpg password"
- name: confirm gpg password
+        echo: false
-  pause:
+      register: gpg_password
-    prompt: "Confirm gpg password"
+    - name: Confirm gpg password
-    echo: false
+      pause:
-  register: gpg_password_confirm
+        prompt: "Confirm gpg password"
-  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+        echo: false
- name: check gpg password
+      register: gpg_password_confirm
-  assert:
+    - name: check gpg password
-    that: gpg_password_confirm.user_input == gpg_password.user_input
+      assert:
-  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+        that: gpg_password_confirm.user_input == gpg_password.user_input
- name: copy default template for gpg key generation
+- name: Generate gpg key
-  template:
+  when: gpgkeys.stdout == ""
-    src: gen-key-script.j2
+  block:
-    dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+    - name: Copy default template for gpg key generation
-    mode: 0600
+      template:
-  no_log: true
+        src: gen-key-script.j2
-  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+        dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
- name: generate gpg key
+        mode: 0600
-  command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+      no_log: true
-  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+    - name: Generate gpg key
-  register: genkey
+      command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
- name: remove template file
+      register: genkey
-  file:
+  always:
-    path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+    - name: Remove template file
-    state: absent
+      file:
-  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+        path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
+        state: absent
 - name: get keygrip
  shell: "gpg -K --with-colons {{ gpg_useremail }} | grep '^grp' | cut -d':' -f10"
  register: keygrip
-  when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""
+  when: gpgkeys.stdout == ""
  notify:
    - notify add key to immae@immae.eu
    - send key to immae@immae.eu
@@ -72,24 +73,26 @@
  when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
  notify:
    - restart gpg-agent
- name: Add systemd overrides
+- name: Override the gpg socket directory
-  template:
+  block:
-    src: "systemd/{{ item }}.conf.j2"
+    - name: Add systemd overrides
-    dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
+      template:
-  register: results
+        src: "systemd/{{ item }}.conf.j2"
-  loop:
+        dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
-    - dirmngr
+      register: results
-    - gpg-agent
+      loop:
-    - gpg-agent-browser
+        - dirmngr
-    - gpg-agent-extra
+        - gpg-agent
-    - gpg-agent-ssh
+        - gpg-agent-browser
- name: Restart systemd units
+        - gpg-agent-extra
-  systemd:
+        - gpg-agent-ssh
-    daemon_reload: true
+    - name: Restart systemd units
-    scope: user
+      systemd:
-    state: restarted
+        daemon_reload: true
-    name: "{{ item }}.socket"
+        scope: user
-  loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
+        state: restarted
+        name: "{{ item }}.socket"
+      loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"
 - name: clone password store
  register: clone_password_store
  shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"
author	Ismaël Bouya <ismael.bouya@fretlink.com>	2018-11-08 09:47:54 +0100
committer	Ismaël Bouya <ismael.bouya@fretlink.com>	2018-11-08 09:47:54 +0100
commit	cf86d448f96ede049c04d8165931f92a82f35956 (patch)
tree	915a6fd5f4748559abbe74bd9806f5a01eaada73 /roles/gnupg
parent	de1c634c1fda61e34522595b40c66af17681bd14 (diff)
download	Ansible-cf86d448f96ede049c04d8165931f92a82f35956.tar.gz Ansible-cf86d448f96ede049c04d8165931f92a82f35956.tar.zst Ansible-cf86d448f96ede049c04d8165931f92a82f35956.zip

diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml index ef61fed..a2b9aa6 100644 --- a/roles/gnupg/tasks/main.yml +++ b/roles/gnupg/tasks/main.yml
@@ -22,42 +22,43 @@
22	ignore_errors: true	22	ignore_errors: true
23	register: gpgkeys	23	register: gpgkeys
24	check_mode: no	24	check_mode: no
25	- name: ask for gpg password	25	- name: Ask for gpg password
26	pause:	26	when: gpgkeys.stdout == ""
27	prompt: "Chose gpg password"	27	block:
28	echo: false	28	- name: Ask for gpg password
29	register: gpg_password	29	pause:
30	when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""	30	prompt: "Chose gpg password"
31	- name: confirm gpg password	31	echo: false
32	pause:	32	register: gpg_password
33	prompt: "Confirm gpg password"	33	- name: Confirm gpg password
34	echo: false	34	pause:
35	register: gpg_password_confirm	35	prompt: "Confirm gpg password"
36	when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""	36	echo: false
37	- name: check gpg password	37	register: gpg_password_confirm
38	assert:	38	- name: check gpg password
39	that: gpg_password_confirm.user_input == gpg_password.user_input	39	assert:
40	when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""	40	that: gpg_password_confirm.user_input == gpg_password.user_input
41	- name: copy default template for gpg key generation	41	- name: Generate gpg key
42	template:	42	when: gpgkeys.stdout == ""
43	src: gen-key-script.j2	43	block:
44	dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"	44	- name: Copy default template for gpg key generation
45	mode: 0600	45	template:
46	no_log: true	46	src: gen-key-script.j2
47	when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""	47	dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
48	- name: generate gpg key	48	mode: 0600
49	command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"	49	no_log: true
50	when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""	50	- name: Generate gpg key
51	register: genkey	51	command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
52	- name: remove template file	52	register: genkey
53	file:	53	always:
54	path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"	54	- name: Remove template file
55	state: absent	55	file:
56	when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""	56	path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
		57	state: absent
57	- name: get keygrip	58	- name: get keygrip
58	shell: "gpg -K --with-colons {{ gpg_useremail }} \| grep '^grp' \| cut -d':' -f10"	59	shell: "gpg -K --with-colons {{ gpg_useremail }} \| grep '^grp' \| cut -d':' -f10"
59	register: keygrip	60	register: keygrip
60	when: gpgkeys is defined and "stdout" in gpgkeys and gpgkeys.stdout == ""	61	when: gpgkeys.stdout == ""
61	notify:	62	notify:
62	- notify add key to immae@immae.eu	63	- notify add key to immae@immae.eu
63	- send key to immae@immae.eu	64	- send key to immae@immae.eu
@@ -72,24 +73,26 @@
72	when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""	73	when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
73	notify:	74	notify:
74	- restart gpg-agent	75	- restart gpg-agent
75	- name: Add systemd overrides	76	- name: Override the gpg socket directory
76	template:	77	block:
77	src: "systemd/{{ item }}.conf.j2"	78	- name: Add systemd overrides
78	dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"	79	template:
79	register: results	80	src: "systemd/{{ item }}.conf.j2"
80	loop:	81	dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
81	- dirmngr	82	register: results
82	- gpg-agent	83	loop:
83	- gpg-agent-browser	84	- dirmngr
84	- gpg-agent-extra	85	- gpg-agent
85	- gpg-agent-ssh	86	- gpg-agent-browser
86	- name: Restart systemd units	87	- gpg-agent-extra
87	systemd:	88	- gpg-agent-ssh
88	daemon_reload: true	89	- name: Restart systemd units
89	scope: user	90	systemd:
90	state: restarted	91	daemon_reload: true
91	name: "{{ item }}.socket"	92	scope: user
92	loop: "{{ results.results\|selectattr('changed')\|map(attribute='item')\|list }}"	93	state: restarted
		94	name: "{{ item }}.socket"
		95	loop: "{{ results.results\|selectattr('changed')\|map(attribute='item')\|list }}"
93	- name: clone password store	96	- name: clone password store
94	register: clone_password_store	97	register: clone_password_store
95	shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"	98	shell: "cd $(dirname $ANSIBLE_CONFIG ); git submodule update --init password_store"