---
- name: Ensure gnupg is installed (RedHat*)
  ansible.builtin.package:
    name: gnupg2
    state: latest
  become: true
  when: ansible_os_family == "RedHat"

- name: Ensure gnupg is installed (Arch)
  ansible.builtin.package:
    name: gnupg
    state: latest
  become: true
  when: ansible_os_family == "Archlinux"

- name: Ensure ~/.gnupg folder exists with correct permissions
  ansible.builtin.file:
    path: "{{ gpg_config_folder }}"
    state: directory
    mode: "0700"

- name: Ensure gpg.conf is templated
  ansible.builtin.template:
    src: gpg.conf.j2
    dest: "{{ gpg_config_file }}"

- name: Configure gpg-agent.conf (agent configuration)
  ansible.builtin.template:
    src: gpg-agent.conf.j2
    dest: "{{ gpg_agent_config_file }}"

- name: Configure scdaemon.conf (smartcard daemon)
  ansible.builtin.template:
    src: scdaemon.conf.j2
    dest: "{{ gpg_scdaemon_config_file }}"

- name: Configure sshcontrol (in order for gpg-agent to act as ssh-agent)
  ansible.builtin.template:
    src: sshcontrol.j2
    dest: "{{ gpg_agent_sshcontrol_file }}"
  when: gpg_agent_config_enable_ssh_support

- name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth
  ansible.builtin.copy:
    src: gpg-configure-ssh-auth-socket.sh
    dest: "{{ gpg_configure_agent_script }}"
    mode: "0700"
  when: gpg_agent_config_enable_ssh_support

- name: Ensure gnupg_agent script is included in bashrc
  ansible.builtin.lineinfile:
    path: "~/.bashrc"
    line: "source {{ gpg_configure_agent_script }}"
    state: present
  when: gpg_agent_config_enable_ssh_support