From fb35a0acc689286a989b83c4ad64a9090ea10624 Mon Sep 17 00:00:00 2001 From: transcaffeine Date: Wed, 4 Feb 2026 12:19:27 +0100 Subject: [PATCH] fix(gnugpg): use FQMN, do not use yaml octal vars --- roles/gnupg/defaults/main.yml | 2 +- roles/gnupg/tasks/main.yml | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/roles/gnupg/defaults/main.yml b/roles/gnupg/defaults/main.yml index 55b7278..5a96396 100644 --- a/roles/gnupg/defaults/main.yml +++ b/roles/gnupg/defaults/main.yml @@ -14,7 +14,7 @@ gpg_config_emit_version: false gpg_config_comments: false gpg_config_ignore_time_conflict: false gpg_config_allow_freeform_uid: true -gpg_config_keyid_format: 0xlong +gpg_config_keyid_format: "0xlong" gpg_config_with_fingerprint: true gpg_config_keyserver: hkps://keys.openpgp.org diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml index 0da58cd..899461f 100644 --- a/roles/gnupg/tasks/main.yml +++ b/roles/gnupg/tasks/main.yml 
@@ -1,55 +1,54 @@ --- - - name: Ensure gnupg is installed (RedHat*) - package: + ansible.builtin.package: name: gnupg2 state: latest become: true when: ansible_os_family == "RedHat" - name: Ensure gnupg is installed (Arch) - package: + ansible.builtin.package: name: gnupg state: latest become: true when: ansible_os_family == "Archlinux" - name: Ensure ~/.gnupg folder exists with correct permissions - file: + ansible.builtin.file: path: "{{ gpg_config_folder }}" state: directory - mode: 0700 + mode: "0700" - name: Ensure gpg.conf is templated - template: + ansible.builtin.template: src: gpg.conf.j2 dest: "{{ gpg_config_file }}" - name: Configure gpg-agent.conf (agent configuration) - template: + ansible.builtin.template: src: gpg-agent.conf.j2 dest: "{{ gpg_agent_config_file }}" - name: Configure scdaemon.conf (smartcard daemon) - template: + ansible.builtin.template: src: scdaemon.conf.j2 dest: "{{ gpg_scdaemon_config_file }}" - name: Configure sshcontrol (in order for gpg-agent to act as ssh-agent) - template: + ansible.builtin.template: src: sshcontrol.j2 dest: "{{ gpg_agent_sshcontrol_file }}" when: gpg_agent_config_enable_ssh_support - name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth - copy: + ansible.builtin.copy: src: gpg-configure-ssh-auth-socket.sh dest: "{{ gpg_configure_agent_script }}" - mode: 0700 + mode: "0700" when: gpg_agent_config_enable_ssh_support - name: Ensure gnupg_agent script is included in bashrc - lineinfile: + ansible.builtin.lineinfile: path: "~/.bashrc" line: "source {{ gpg_configure_agent_script }}" state: present
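Review bot: The four `ansible.builtin.template` tasks (gpg.conf, gpg-agent.conf, scdaemon.conf, sshcontrol) still set no `mode:`, so a newly created file gets whatever the umask of the executing user yields. Only the directory and the copied script are pinned to `"0700"`. Since this commit already normalises file modes, add `mode: "0600"` to each template task; sshcontrol matters most, as the task name says it is what lets gpg-agent act as ssh-agent. Separately, both package tasks keep `state: latest`, which upgrades gnupg on every play run. If upgrades are meant to go through the regular patch process, `state: present` makes runs reproducible.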