gnupg: ensure ssh uses gnupg-agent

Loads the gnupg_agent-skript in the ~/.bashrc, which exports
the needed variables (SSH_AUTH_SOCK, SSH_AGENT_PID, GPG_AGENT_INFO).

Also downloads the pubkey of the user and sets ownertrust on the key.

Fixes #3

roles/gnupg/defaults/main.yml

@@ -7,3 +7,4 @@ gpg_keygrips: []
 
 gpg_folder: "~/.gnupg"
 
+gpg_user: "{{ ansible_user }}"

roles/gnupg/tasks/main.yml

@@ -38,8 +38,26 @@
     dest: "{{ gpg_folder }}/gnupg_agent"
     mode: 0700
 
+- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
+  blockinfile:
+    path: "~/.bashrc"
+    insertafter: "\[\[ \$- != \*i\* \]\] && return"
+    line: |
+      # load script telling SSH to use the gpg agent
+      source "{{ gpg_folder }}"/gnupg_agent
+    state: present
 
+- name: Download own pubkey
+  get_url:
+    url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
+    dest: "~/{{ gpg_user }}.pub"
 
-
+- name: Import own pubkey and set owner-trust
-
+  command:
+    cmd: |
+      gpg2 --no-tty --command-fd 0 --import ~/{{ gpg_user }}.pub << EOF
+      trust
+      5
+      quit
+      EOF
 

roles/gnupg/templates/gpg.conf.j2

@@ -8,5 +8,4 @@ allow-freeform-uid
 with-fingerprint
 keyid-format 0xlong
 keyserver hkps://hkps.pool.sks-keyservers.net
-#keyserver-options ca-cert-file=/home/electron/.gnupg/sks-keyservers_ca.pem
 keyserver-options no-honor-keyserver-url