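---
# Installs GnuPG2 and templates the configs.
#
# Variables read by these tasks (defined outside this file):
#   gpg_folder - directory that receives the GnuPG configuration files
#   gpg_user   - account name used to build the public-key download URL
#                and the local file name of the downloaded key

# NOTE(review): ignore_errors lets the play continue when the package
# install fails, so the later tasks can run on a host without gpg2.
# Confirm this best-effort behaviour is intended.
- name: Install gnupg (RedHat*)
  package:
    name: gnupg2
    state: latest
  become: true
  become_user: root
  become_method: sudo
  when: ansible_os_family == "RedHat"
  ignore_errors: true

# NOTE(review): unlike the RedHat task, this one does not escalate
# privileges itself; presumably the play already runs with sufficient
# rights on Arch hosts - verify against the calling playbook.
- name: Install gnupg (Arch)
  package:
    name: gnupg
    state: latest
  when: ansible_os_family == "Archlinux"

# The configuration files below are written owner-only. They decide which
# keys gpg-agent offers for SSH logins, so no other local account should
# be able to read or alter them.
- name: Configure gpg.conf (behaviour of gpg)
  template:
    src: gpg.conf.j2
    dest: "{{ gpg_folder }}/gpg.conf"
    mode: "0600"

- name: Configure gpg-agent.conf (agent configuration)
  template:
    src: gpg-agent.conf.j2
    dest: "{{ gpg_folder }}/gpg-agent.conf"
    mode: "0600"

- name: Configure ssh-control (in order for gpg-agent to act as ssh-agent)
  template:
    src: sshcontrol.j2
    dest: "{{ gpg_folder }}/sshcontrol"
    mode: "0600"

# The mode is quoted so it reaches Ansible as the string "0700" instead
# of being re-typed as a number by the YAML parser.
- name: Copy gnupg_agent script, which makes gpg-agent responsible for ssh-auth
  template:
    src: gnupg_agent.j2
    dest: "{{ gpg_folder }}/gnupg_agent"
    mode: "0700"

# blockinfile takes its text from `block`, not `line`. The insertafter
# regex is single-quoted because the backslash escapes it contains are
# not valid inside a double-quoted YAML scalar. If the regex matches no
# line, blockinfile appends the block at the end of the file.
- name: Ensure gnupg_agent skript is included in .bashrc so SSH uses gpg-agent
  blockinfile:
    path: "~/.bashrc"
    insertafter: '\[\[ \$- != \*i\* \]\] && return'
    block: |
      # load script telling SSH to use the gpg agent
      source "{{ gpg_folder }}"/gnupg_agent
    state: present

# SECURITY: the next task gives this key owner-trust level 5 (ultimate),
# so its authenticity rests entirely on TLS and on the integrity of the
# git host. Pin the expected key out of band - for example with get_url's
# `checksum` parameter or by comparing the fingerprint against a role
# variable - before trusting it.
- name: Download own pubkey
  get_url:
    url: "https://git.finallycoffee.eu/{{ gpg_user }}/about/raw/branch/master/pubkey.asc"
    dest: "~/{{ gpg_user }}.pub"
    mode: "0644"

# The command module does not run a shell, so a `<< EOF` here-document
# would be handed to gpg2 as literal arguments. The answers are passed
# through the module's `stdin` parameter instead.
# NOTE(review): confirm that `--import` actually consumes the
# trust/5/quit input; setting owner-trust normally requires addressing
# the key by its fingerprint, which this file does not define.
- name: Import own pubkey and set owner-trust
  command:
    cmd: gpg2 --no-tty --command-fd 0 --import ~/{{ gpg_user }}.pub
    stdin: |
      trust
      5
      quit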