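---
# Per-user GnuPG provisioning: config files, key generation, sshcontrol,
# and systemd socket overrides.
- name: Config files
  synchronize:
    # Canonical booleans; the original yes/no spellings are YAML 1.1-only.
    recursive: true
    # archive is off, so ownership/permissions are not preserved; the
    # directory mode is fixed by the "Protect directory" task that follows.
    archive: false
    checksum: true
    src: gnupg
    # NOTE(review): the leading "/" makes this "//<config>/" when
    # $XDG_CONFIG_HOME is absolute (harmless), but if the variable is unset
    # on the target the destination collapses to "/" — confirm it is
    # always exported for the remote user.
    dest: /$XDG_CONFIG_HOME/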
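- name: Protect directory
  file:
    path: $XDG_CONFIG_HOME/gnupg
    state: directory
    # Quoted so the mode is passed as the octal string "0700" regardless of
    # YAML 1.1/1.2 integer parsing; gpg refuses a world-readable homedir.
    mode: "0700"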
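- name: Get gnupg runtime folder name
  # Strips the "$XDG_RUNTIME_DIR/gnupg/" prefix from gpgconf's socket dir;
  # both variables are expanded by the remote shell.
  shell: 'gpgconf --list-dirs socketdir | sed -e "s@$XDG_RUNTIME_DIR/gnupg/@@"'
  # Read-only probe: never reports a change and runs even in check mode.
  register: gnupg_runtime_dir_cmd
  changed_when: false
  check_mode: false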
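- name: check existing secret key
  # gpg_useremail is interpolated into a shell pipeline, so it is passed
  # through the quote filter instead of hand-written single quotes.
  shell: "gpg --list-secret-keys | grep {{ gpg_useremail | quote }}"
  changed_when: false
  # grep exits 1 when no key matches — that is the expected "no key yet"
  # case, not an error — so only rc > 1 (a real failure) fails the task.
  # Later tasks test gpgkeys.stdout == "" to decide whether to generate.
  failed_when: gpgkeys.rc > 1
  register: gpgkeys
  check_mode: false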
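- name: Ask for gpg password
  # Only prompt when no secret key for the user exists yet.
  when: gpgkeys.stdout == ""
  block:
    - name: Ask for gpg password
      pause:
        prompt: "Chose gpg password"
        echo: false
      register: gpg_password
      # The registered result carries user_input; no_log keeps it out of
      # verbose task output and logs.
      no_log: true
    - name: Confirm gpg password
      pause:
        prompt: "Confirm gpg password"
        echo: false
      register: gpg_password_confirm
      no_log: true
    - name: check gpg password
      # assert reports the failed expression, not the compared values.
      assert:
        that: gpg_password_confirm.user_input == gpg_password.user_input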
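- name: Generate gpg key
  when: gpgkeys.stdout == ""
  block:
    - name: Copy default template for gpg key generation
      template:
        src: gen-key-script.j2
        dest: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
        # Quoted octal string; the batch script is owner-only readable.
        mode: "0600"
      # The rendered script is not shown in task output (it presumably
      # embeds the passphrase — confirm against gen-key-script.j2).
      no_log: true
    - name: Generate gpg key
      # Relies on the command module expanding $XDG_CONFIG_HOME on the
      # target; the passphrase is read from the script, not the argv.
      command: "gpg --batch --gen-key $XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
      register: genkey
  # The batch script is removed whether or not generation succeeded.
  always:
    - name: Remove template file
      file:
        path: "$XDG_CONFIG_HOME/gnupg/gen-key-script-{{ gpg_user }}"
        state: absent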
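- name: get keygrip
  # Keygrip is field 10 of the "grp" record in --with-colons output.
  # NOTE(review): every grp line is matched (primary key and each subkey),
  # so stdout may contain several keygrips; the sshcontrol task below
  # writes stdout verbatim — confirm a single line is intended.
  shell: "gpg -K --with-colons {{ gpg_useremail | quote }} | grep '^grp' | cut -d':' -f10"
  register: keygrip
  when: gpgkeys.stdout == ""
  notify:
    - notify add key to immae@immae.eu
    - send key to immae@immae.eu
    - notify add key to password store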
- name: add keygrip to sshcontrol
  # Runs only when the keygrip task above actually produced output
  # (it is skipped when a key already existed).
  when: keygrip is defined and "stdout" in keygrip and keygrip.stdout != ""
  lineinfile:
    # "path" is the canonical name of lineinfile's "dest" alias.
    path: '$XDG_CONFIG_HOME/gnupg/sshcontrol'
    line: '{{ keygrip.stdout }}'
    state: present
    insertafter: EOF
    create: true
  notify:
    - restart gpg-agent
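- name: Override the gpg socket directory
  vars:
    # Socket units that receive a drop-in override.
    gpg_socket_units:
      - dirmngr
      - gpg-agent
      - gpg-agent-browser
      - gpg-agent-extra
      - gpg-agent-ssh
  block:
    # template does not create parent directories, so the .socket.d
    # drop-in directories are ensured first (a no-op when present).
    - name: Create systemd drop-in directories
      file:
        path: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d"
        state: directory
      loop: "{{ gpg_socket_units }}"
    - name: Add systemd overrides
      template:
        src: "systemd/{{ item }}.conf.j2"
        dest: "$XDG_CONFIG_HOME/systemd/user/{{ item }}.socket.d/override.conf"
      register: results
      loop: "{{ gpg_socket_units }}"
    - name: Restart systemd units
      systemd:
        daemon_reload: true
        scope: user
        state: restarted
        name: "{{ item }}.socket"
      # Only the sockets whose override actually changed are restarted.
      loop: "{{ results.results|selectattr('changed')|map(attribute='item')|list }}"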