dotfiles/roles/gnupg/tasks/main.yml


---
# Installs GnuPG2 and templates the configs
- name: Install gnupg (RedHat*)
  # Only runs on RedHat-family hosts; the install escalates to root via sudo.
  when: ansible_os_family == "RedHat"
  become: true
  become_method: sudo
  become_user: root
  package:
    # NOTE(review): `latest` upgrades the package on every run; use `present`
    # if upgrades of the crypto tooling should be a deliberate step.
    state: latest
    name: gnupg2
  # NOTE(review): a failed install is ignored, so the later gpg2 import task
  # can still run on a host without gpg2 - confirm this best-effort behaviour
  # is intended.
  ignore_errors: true
- name: Install gnupg (Arch)
  # Only runs on Arch hosts.
  # NOTE(review): unlike the RedHat task, no become/become_user is set here;
  # package installation normally needs root - confirm privilege escalation is
  # configured at play level.
  when: ansible_os_family == "Archlinux"
  package:
    state: latest
    name: gnupg
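- name: Configure gpg.conf (behaviour of gpg)
  # Renders the gpg.conf.j2 template into the GnuPG folder.
  template:
    src: gpg.conf.j2
    dest: "{{ gpg_folder }}/gpg.conf"
    # Explicit owner-only mode so the permissions of the rendered file do not
    # depend on the umask or on a pre-existing file; quoted so it stays an
    # octal string.
    mode: "0600"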
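- name: Configure gpg-agent.conf (agent configuration)
  # Renders the gpg-agent.conf.j2 template into the GnuPG folder.
  template:
    src: gpg-agent.conf.j2
    dest: "{{ gpg_folder }}/gpg-agent.conf"
    # Explicit owner-only mode so the permissions of the rendered file do not
    # depend on the umask or on a pre-existing file; quoted so it stays an
    # octal string.
    mode: "0600"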
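- name: Configure ssh-control (in order for gpg-agent to act as ssh-agent)
  # Renders the sshcontrol.j2 template into the GnuPG folder.
  template:
    src: sshcontrol.j2
    dest: "{{ gpg_folder }}/sshcontrol"
    # Owner-only: this file decides which keys the agent offers for SSH, so
    # nobody else should be able to modify it. Quoted to stay an octal string.
    mode: "0600"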
- name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth
  # Renders the gnupg_agent.j2 template into the GnuPG folder as a script that
  # only its owner can read, write and execute.
  template:
    # Quoted so the mode is passed as an octal string rather than relying on
    # the YAML parser's integer handling.
    mode: "0700"
    dest: "{{ gpg_folder }}/gnupg_agent"
    src: gnupg_agent.j2
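- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
  # Adds a managed block to ~/.bashrc that sources the gnupg_agent script,
  # placed after the "not interactive -> return" guard line.
  blockinfile:
    path: "~/.bashrc"
    # Single-quoted so the regex backslashes reach the module literally; \[ and
    # \$ are not valid escapes inside a double-quoted YAML scalar and make the
    # file fail to parse.
    insertafter: '\[\[ \$- != \*i\* \]\] && return'
    # blockinfile takes its text in `block`; `line` belongs to lineinfile.
    block: |
      # load script telling SSH to use the gpg agent
      source "{{ gpg_folder }}"/gnupg_agent
    state: present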
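- name: Download own pubkey
  # Fetches the user's public key over HTTPS into the home directory.
  # NOTE(review): a later task imports this file and is meant to grant it
  # ultimate owner-trust, so its authenticity rests only on the TLS download.
  # Consider pinning it with get_url's `checksum` option or comparing the key
  # fingerprint against a value kept in the role's variables before importing.
  get_url:
    url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
    dest: "~/{{ gpg_user }}.pub"
    # Public material: readable by all, writable only by the owner, regardless
    # of the umask in effect.
    mode: "0644"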
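- name: Import own pubkey and set owner-trust
  # Imports the downloaded public key into the keyring and feeds the
  # trust / 5 / quit answers to gpg2 on file descriptor 0.
  command:
    # The command module does not run a shell, so a `<< EOF` here-document is
    # passed to gpg2 as extra arguments instead of becoming its stdin. The
    # arguments are given as a list and the answers through `stdin`.
    argv:
      - gpg2
      - --no-tty
      - --command-fd
      - "0"
      - --import
      - "~/{{ gpg_user }}.pub"
    # NOTE(review): trust / 5 / quit look like --edit-key prompt answers;
    # --import is not expected to read them - verify that owner-trust is
    # actually set after this task, and that the imported key's fingerprint
    # matches the expected one before it is given ultimate trust.
    stdin: |-
      trust
      5
      quit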