finallycoffee/base
5
0
Fork 1
Code Issues 2 Pull Requests 4 Packages Projects Releases Wiki Activity

fix(gnugpg): use FQMN, do not use yaml octal vars

Browse Source
This commit is contained in:
transcaffeine
2026-02-04 12:19:27 +01:00
parent afcea9439c
commit fb35a0acc6
2 changed files with 12 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/gnupg/defaults/main.yml
View File

@@ -14,7 +14,7 @@ gpg_config_emit_version: false
gpg_config_comments: false gpg_config_comments: false
gpg_config_ignore_time_conflict: false gpg_config_ignore_time_conflict: false
gpg_config_allow_freeform_uid: true gpg_config_allow_freeform_uid: true
gpg_config_keyid_format: 0xlong gpg_config_keyid_format: "0xlong"
gpg_config_with_fingerprint: true gpg_config_with_fingerprint: true
gpg_config_keyserver: hkps://keys.openpgp.org gpg_config_keyserver: hkps://keys.openpgp.org

23
roles/gnupg/tasks/main.yml
View File

@@ -1,55 +1,54 @@
--- ---
- name: Ensure gnupg is installed (RedHat*) - name: Ensure gnupg is installed (RedHat*)
package: ansible.builtin.package:
name: gnupg2 name: gnupg2
state: latest state: latest
become: true become: true
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
- name: Ensure gnupg is installed (Arch) - name: Ensure gnupg is installed (Arch)
package: ansible.builtin.package:
name: gnupg name: gnupg
state: latest state: latest
become: true become: true
when: ansible_os_family == "Archlinux" when: ansible_os_family == "Archlinux"
- name: Ensure ~/.gnupg folder exists with correct permissions - name: Ensure ~/.gnupg folder exists with correct permissions
file: ansible.builtin.file:
path: "{{ gpg_config_folder }}" path: "{{ gpg_config_folder }}"
state: directory state: directory
mode: 0700 mode: "0700"
- name: Ensure gpg.conf is templated - name: Ensure gpg.conf is templated
template: ansible.builtin.template:
src: gpg.conf.j2 src: gpg.conf.j2
dest: "{{ gpg_config_file }}" dest: "{{ gpg_config_file }}"
- name: Configure gpg-agent.conf (agent configuration) - name: Configure gpg-agent.conf (agent configuration)
template: ansible.builtin.template:
src: gpg-agent.conf.j2 src: gpg-agent.conf.j2
dest: "{{ gpg_agent_config_file }}" dest: "{{ gpg_agent_config_file }}"
- name: Configure scdaemon.conf (smartcard daemon) - name: Configure scdaemon.conf (smartcard daemon)
template: ansible.builtin.template:
src: scdaemon.conf.j2 src: scdaemon.conf.j2
dest: "{{ gpg_scdaemon_config_file }}" dest: "{{ gpg_scdaemon_config_file }}"
- name: Configure sshcontrol (in order for gpg-agent to act as ssh-agent) - name: Configure sshcontrol (in order for gpg-agent to act as ssh-agent)
template: ansible.builtin.template:
src: sshcontrol.j2 src: sshcontrol.j2
dest: "{{ gpg_agent_sshcontrol_file }}" dest: "{{ gpg_agent_sshcontrol_file }}"
when: gpg_agent_config_enable_ssh_support when: gpg_agent_config_enable_ssh_support
- name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth - name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth
copy: ansible.builtin.copy:
src: gpg-configure-ssh-auth-socket.sh src: gpg-configure-ssh-auth-socket.sh
dest: "{{ gpg_configure_agent_script }}" dest: "{{ gpg_configure_agent_script }}"
mode: 0700 mode: "0700"
when: gpg_agent_config_enable_ssh_support when: gpg_agent_config_enable_ssh_support
- name: Ensure gnupg_agent script is included in bashrc - name: Ensure gnupg_agent script is included in bashrc
lineinfile: ansible.builtin.lineinfile:
path: "~/.bashrc" path: "~/.bashrc"
line: "source {{ gpg_configure_agent_script }}" line: "source {{ gpg_configure_agent_script }}"
state: present state: present