---
# Installs GnuPG2 and templates the configs
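# Install GnuPG 2 on RedHat-family hosts through the generic package module.
# Privileges are raised to root via sudo for this task only.
- name: Install gnupg (RedHat*)
  package:
    name: gnupg2
    state: latest
  # Canonical boolean (`true`, not `yes`), matching ignore_errors below.
  become: true
  become_user: root
  become_method: sudo
  when: ansible_os_family == "RedHat"
  # NOTE(review): a failed install is ignored, so the tasks below still run
  # on a host where gpg2 may be missing or outdated. Kept as written because
  # it looks deliberate; consider `failed_when` on the specific expected error.
  ignore_errors: true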
# Arch Linux counterpart of the install task; the package is named `gnupg`.
# Runs only when the gathered OS family is "Archlinux".
# NOTE(review): unlike the RedHat task, no `become` is set here. Presumably
# the play already runs with root privileges on Arch hosts - confirm.
- name: Install gnupg (Arch)
  when: ansible_os_family == "Archlinux"
  package:
    state: latest
    name: gnupg
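# Render gpg.conf.j2 into the GnuPG folder.
# NOTE(review): assumes gpg_folder is the user's GnuPG home directory and
# already exists with owner-only permissions - confirm where it is created.
- name: Configure gpg.conf (behaviour of gpg)
  template:
    src: gpg.conf.j2
    dest: "{{ gpg_folder }}/gpg.conf"
    # Explicit owner-only mode instead of whatever the umask yields, so other
    # local users cannot read or alter the gpg configuration.
    mode: "0600"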
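# Render gpg-agent.conf.j2 into the GnuPG folder.
# NOTE(review): assumes gpg_folder is the user's GnuPG home directory and
# already exists - confirm where it is created.
- name: Configure gpg-agent.conf (agent configuration)
  template:
    src: gpg-agent.conf.j2
    dest: "{{ gpg_folder }}/gpg-agent.conf"
    # Explicit owner-only mode: the agent configuration governs how private
    # keys are cached and used, so it should not depend on the umask.
    mode: "0600"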
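# Render the sshcontrol file, which gpg-agent consults when it acts as an
# SSH agent (see the task name).
- name: Configure ssh-control (in order for gpg-agent to act as ssh-agent)
  template:
    src: sshcontrol.j2
    dest: "{{ gpg_folder }}/sshcontrol"
    # Explicit owner-only mode: this file decides which keys are offered for
    # SSH authentication, so nobody else should be able to modify it.
    mode: "0600"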
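# Render the gnupg_agent helper script into the GnuPG folder. A later task
# sources it from ~/.bashrc, so it runs in every interactive shell and must
# stay writable by its owner only.
- name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth
  template:
    src: gnupg_agent.j2
    dest: "{{ gpg_folder }}/gnupg_agent"
    # Quoted so the mode reaches Ansible as the string "0700" instead of
    # depending on the YAML parser's octal-integer interpretation.
    mode: "0700"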
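# Add a managed block to ~/.bashrc that sources the gnupg_agent script, placed
# after the "return unless interactive" guard line.
- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
  blockinfile:
    path: "~/.bashrc"
    # Single quotes keep the regex backslashes literal; in a double-quoted
    # YAML scalar `\[` and `\$` are not valid escape sequences.
    insertafter: '\[\[ \$- != \*i\* \]\] && return'
    # blockinfile takes its text through `block`; `line` belongs to lineinfile
    # and is rejected as an unsupported parameter here.
    block: |
      # load script telling SSH to use the gpg agent
      source "{{ gpg_folder }}"/gnupg_agent
    state: present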
# Fetch the user's public key over HTTPS and store it in the home directory.
# NOTE(review): nothing on this task pins the content of the download (no
# `checksum`, no fingerprint comparison), yet the following task imports the
# file and assigns owner-trust. Integrity rests on TLS and the server alone;
# consider verifying the key fingerprint before it is trusted.
- name: Download own pubkey
  get_url:
    dest: "~/{{ gpg_user }}.pub"
    url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
# Import the previously downloaded public key and answer gpg's trust prompt
# with "5" from a here-document.
# NOTE(review): the `command` module does not pass its argument through a
# shell, so the `<< EOF` here-document is presumably handed to gpg2 as plain
# arguments instead of being fed to stdin - verify whether `shell` was meant.
# NOTE(review): `trust` / `5` / `quit` are answers for gpg's key-edit menu; it
# is doubtful that `--import` reads them - confirm owner-trust is really set.
# NOTE(review): the key file comes from the download task without a
# fingerprint check; compare it against a pinned fingerprint before granting
# this level of trust.
- name: Import own pubkey and set owner-trust
  command:
    cmd: |
      gpg2 --no-tty --command-fd 0 --import ~/{{ gpg_user }}.pub << EOF
      trust
      5
      quit
      EOF