gnupg: ensure ssh uses gnupg-agent

Loads the gnupg_agent script from ~/.bashrc, which exports
the required variables (SSH_AUTH_SOCK, SSH_AGENT_PID, GPG_AGENT_INFO).

Also downloads the pubkey of the user and sets ownertrust on the key.

Fixes #3
This commit is contained in:
transcaffeine 2020-11-05 19:49:02 +01:00
parent f35f4188db
commit 378cce9bc9
Signed by: transcaffeine
GPG Key ID: 03624C433676E465
3 changed files with 21 additions and 3 deletions


@ -7,3 +7,4 @@ gpg_keygrips: []
gpg_folder: "~/.gnupg" gpg_folder: "~/.gnupg"
gpg_user: "{{ ansible_user }}"
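Review bot: The new `gpg_user` default falls back to `ansible_user`, the SSH login name, while the task file uses the same value to build the pubkey download URL on the git forge; where the login name and the forge username differ, the download will fail with the default in place. A comment on the default, `# username on the git forge; defaults to the SSH login user — override if they differ`, would make that coupling visible to people setting role variables.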


@ -38,8 +38,26 @@
dest: "{{ gpg_folder }}/gnupg_agent" dest: "{{ gpg_folder }}/gnupg_agent"
mode: 0700 mode: 0700
- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
blockinfile:
path: "~/.bashrc"
insertafter: "\[\[ \$- != \*i\* \]\] && return"
line: |
# load script telling SSH to use the gpg agent
source "{{ gpg_folder }}"/gnupg_agent
state: present
- name: Download own pubkey
get_url:
url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
dest: "~/{{ gpg_user }}.pub"
- name: Import own pubkey and set owner-trust
command:
cmd: |
gpg2 --no-tty --command-fd 0 --import ~/{{ gpg_user }}.pub << EOF
trust
5
quit
EOF
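Review bot: The import task's heredoc (`<< EOF` in `cmd`) is shell syntax, but the `command` module executes its argument without a shell, so the redirection is handed to gpg2 as literal arguments; this task needs `shell:` plus a `changed_when`/`creates` guard so it does not report changed on every run. The `blockinfile` task above uses `line:`, which is a `lineinfile` parameter — `blockinfile` expects `block:` — and its `insertafter` pattern is double-quoted, where `\[` and `\$` are not valid YAML escapes, so the task file will not even parse; single quotes keep the regex literal. Separately, the heredoc feeds `--edit-key` commands (`trust`, `5`) to `--import`, which as far as I can tell does not read them, so the ownertrust is unlikely to be set — `--import-ownertrust` keyed on the key's fingerprint would be the explicit route, and it also means the key fetched by `get_url` is matched against a known fingerprint before it is granted ultimate trust, whereas today it is trusted with no `checksum:` or fingerprint comparison at all.
```yaml
- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
  blockinfile:
    path: "~/.bashrc"
    insertafter: '\[\[ \$- != \*i\* \]\] && return'
    block: |
      # load script telling SSH to use the gpg agent
      source "{{ gpg_folder }}"/gnupg_agent
    state: present
# … unchanged: Download own pubkey (consider adding checksum: "sha256:<EXPECTED_PUBKEY_SHA256>") …
- name: Import own pubkey
  command:
    cmd: "gpg2 --no-tty --batch --import ~/{{ gpg_user }}.pub"
  changed_when: false
- name: Set owner-trust on own pubkey
  shell:
    cmd: |
      echo "{{ gpg_own_key_fingerprint }}:6:" | gpg2 --no-tty --batch --import-ownertrust
  changed_when: false
```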


@ -8,5 +8,4 @@ allow-freeform-uid
with-fingerprint with-fingerprint
keyid-format 0xlong keyid-format 0xlong
keyserver hkps://hkps.pool.sks-keyservers.net keyserver hkps://hkps.pool.sks-keyservers.net
#keyserver-options ca-cert-file=/home/electron/.gnupg/sks-keyservers_ca.pem
keyserver-options no-honor-keyserver-url keyserver-options no-honor-keyserver-url