feat(git): add role for configuring git

roles/git/defaults/main.yml

@@ -0,0 +1,15 @@
+---
+
+git_config_file: ~/.gitconfig
+
+git_config_gpg_program: gpg2
+git_config_commit_gpgsign: false
+git_config_pull_rebase: true
+git_config_pull_ff: only
+git_config_rebase_autostash: true
+git_config_merge_autostash: true
+git_config_init_default_branch: main
+git_config_core_editor: vim
+
+git_config_user: []
+git_config_credentials: []

roles/git/tasks/main.yml

@@ -0,0 +1,45 @@
+---
+
+- name: Ensure git configuration is persisted in git configs file
+  blockinfile:
+    dest: "{{ git_config_file }}"
+    mode: "0660"
+    create: yes
+    state: present
+    marker: "{mark} ANSIBLE MANAGED BLOCK by finallycoffee.base.git"
+    block: |+2
+      {% if git_config_user_name|default(false, true) and git_config_user_email|default(false, true) %}
+      [user]
+        name = {{ git_config_user_name }}
+        email = {{ git_config_user_email }}
+      {% if git_config_user_signingkey %}
+        signingkey = {{ git_config_user_signingkey }}
+      {% endif %}
+      {% endif %}
+      [gpg]
+        program = {{ git_config_gpg_program }}
+      [core]
+        editor = {{ git_config_core_editor }}
+      [commit]
+        gpgsign = {{ git_config_commit_gpgsign }}
+      [pull]
+        rebase = {{ git_config_pull_rebase }}
+        ff = {{ git_config_pull_ff }}
+      [rebase]
+        autostash = {{ git_config_rebase_autostash }}
+      [merge]
+        autostash = {{ git_config_merge_autostash }}
+      [init]
+        defaultBranch = {{ git_config_init_default_branch }}
+      [alias]
+      {% for alias in git_config_alias %}
+        {{ alias.name }} = {{ alias.command }}
+      {% endfor %}
+      
+      {% for credentialset in git_config_credentials %}
+      [credential "{{ credentialset.remote_url }}"]
+      {% for entry in credentialset.config | dict2items %}
+        {{ entry.key }} = {{ entry.value }}
+      {% endfor %}
+
+      {% endfor %}

roles/gnupg/defaults/main.yml

@@ -6,7 +6,7 @@ gpg_agent_config_file: "{{ gpg_config_folder }}/gpg-agent.conf"
 gpg_agent_sshcontrol_file: "{{ gpg_config_folder }}/sshcontrol"
 gpg_configure_agent_script: "{{ gpg_config_folder }}/gpg-configure-as-ssh-agent.sh"
 
-gpg_keys_for_ssh: []
+gpg_keygrips_for_ssh: []
 
 gpg_config_cert_digest_algo: SHA256
 gpg_config_emit_version: false

roles/gnupg/tasks/main.yml

@@ -14,6 +14,12 @@
   become: true
   when: ansible_os_family == "Archlinux"
 
+- name: Ensure ~/.gnupg folder exists with correct permissions
+  file:
+    path: "{{ gpg_config_folder }}"
+    state: directory
+    mode: 0700
+
 - name: Ensure gpg.conf is templated
   template:
     src: gpg.conf.j2
@@ -33,8 +39,15 @@
   when: gpg_agent_config_enable_ssh_support
 
 - name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth
-  file:
+  copy:
     src: gpg-configure-ssh-auth-socket.sh
     dest: "{{ gpg_configure_agent_script }}"
     mode: 0700
   when: gpg_agent_config_enable_ssh_support
+
+- name: Ensure gnupg_agent script is included in bashrc
+  lineinfile:
+    path: "~/.bashrc"
+    line: "source {{ gpg_configure_agent_script }}"
+    state: present
+  when: gpg_agent_config_enable_ssh_support

roles/gnupg/templates/sshcontrol.j2

@@ -9,6 +9,6 @@
 # caching TTL in seconds, and another optional field for arbitrary
 # flags.   Prepend the keygrip with an '!' mark to disable it.
 
-{% for keygrip in ssh_keygrips %}
+{% for keygrip in gpg_keygrips_for_ssh %}
 {{ keygrip }}
 {% endfor %}