feat(gnupg): add role for configuring gnupg with support to act as an ssh agent

roles/git/defaults/main.yml

@@ -1,15 +0,0 @@
----
-
-git_config_file: ~/.gitconfig
-
-git_config_gpg_program: gpg2
-git_config_commit_gpgsign: false
-git_config_pull_rebase: true
-git_config_pull_ff: only
-git_config_rebase_autostash: true
-git_config_merge_autostash: true
-git_config_init_default_branch: main
-git_config_core_editor: vim
-
-git_config_user: []
-git_config_credentials: []

roles/git/tasks/main.yml

@@ -1,45 +0,0 @@
----
-
-- name: Ensure git configuration is persisted in git configs file
-  blockinfile:
-    dest: "{{ git_config_file }}"
-    mode: "0660"
-    create: yes
-    state: present
-    marker: "{mark} ANSIBLE MANAGED BLOCK by finallycoffee.base.git"
-    block: |+2
-      {% if git_config_user_name|default(false, true) and git_config_user_email|default(false, true) %}
-      [user]
-        name = {{ git_config_user_name }}
-        email = {{ git_config_user_email }}
-      {% if git_config_user_signingkey %}
-        signingkey = {{ git_config_user_signingkey }}
-      {% endif %}
-      {% endif %}
-      [gpg]
-        program = {{ git_config_gpg_program }}
-      [core]
-        editor = {{ git_config_core_editor }}
-      [commit]
-        gpgsign = {{ git_config_commit_gpgsign }}
-      [pull]
-        rebase = {{ git_config_pull_rebase }}
-        ff = {{ git_config_pull_ff }}
-      [rebase]
-        autostash = {{ git_config_rebase_autostash }}
-      [merge]
-        autostash = {{ git_config_merge_autostash }}
-      [init]
-        defaultBranch = {{ git_config_init_default_branch }}
-      [alias]
-      {% for alias in git_config_alias %}
-        {{ alias.name }} = {{ alias.command }}
-      {% endfor %}
-      
-      {% for credentialset in git_config_credentials %}
-      [credential "{{ credentialset.remote_url }}"]
-      {% for entry in credentialset.config | dict2items %}
-        {{ entry.key }} = {{ entry.value }}
-      {% endfor %}
-
-      {% endfor %}

roles/gnupg/defaults/main.yml

@@ -6,7 +6,7 @@ gpg_agent_config_file: "{{ gpg_config_folder }}/gpg-agent.conf"
 gpg_agent_sshcontrol_file: "{{ gpg_config_folder }}/sshcontrol"
 gpg_configure_agent_script: "{{ gpg_config_folder }}/gpg-configure-as-ssh-agent.sh"
 
-gpg_keygrips_for_ssh: []
+gpg_keys_for_ssh: []
 
 gpg_config_cert_digest_algo: SHA256
 gpg_config_emit_version: false

roles/gnupg/tasks/main.yml

@@ -14,12 +14,6 @@
   become: true
   when: ansible_os_family == "Archlinux"
 
-- name: Ensure ~/.gnupg folder exists with correct permissions
-  file:
-    path: "{{ gpg_config_folder }}"
-    state: directory
-    mode: 0700
-
 - name: Ensure gpg.conf is templated
   template:
     src: gpg.conf.j2
@@ -39,15 +33,8 @@
   when: gpg_agent_config_enable_ssh_support
 
 - name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth
-  copy:
+  file:
     src: gpg-configure-ssh-auth-socket.sh
     dest: "{{ gpg_configure_agent_script }}"
     mode: 0700
   when: gpg_agent_config_enable_ssh_support
-
-- name: Ensure gnupg_agent script is included in bashrc
-  lineinfile:
-    path: "~/.bashrc"
-    line: "source {{ gpg_configure_agent_script }}"
-    state: present
-  when: gpg_agent_config_enable_ssh_support

roles/gnupg/templates/sshcontrol.j2

@@ -9,6 +9,6 @@
 # caching TTL in seconds, and another optional field for arbitrary
 # flags.   Prepend the keygrip with an '!' mark to disable it.
 
-{% for keygrip in gpg_keygrips_for_ssh %}
+{% for keygrip in ssh_keygrips %}
 {{ keygrip }}
 {% endfor %}