Add a separate pgp key for work.

2024-01-02 12:29:39 -05:00 · 2024-01-02 12:29:39 -05:00 · 80a3f2291c
commit 80a3f2291c
parent 6e13ac355a
8 changed files with 70 additions and 3 deletions
--- a/ansible/environments/laptop/host_vars/odowork
+++ b/ansible/environments/laptop/host_vars/odowork
@ -1,4 +1,6 @@
 os_flavor: "linux"
 hostname: odowork
 etc_hosts: {}
 users:
  talexander:
    initialize: true
@ -19,6 +21,7 @@ zfs_snapshot_datasets:
  - path: zroot/linux/archwork/be
 install_graphics: true
 graphics_driver: "amd"
 pgp_key: "gpg_work.asc"
 build_user:
  name: talexander
  group: talexander
--- a/ansible/roles/base/files/gitconfig_work
+++ b/ansible/roles/base/files/gitconfig_work
@ -1,5 +1,5 @@
 [user]
-	email = work@fizz.buzz
+	email = ThomasA.Alexander@hmhn.org
 	name = Tom Alexander
 	signingkey = D3A179C9A53C0EDE
 [push]
--- a/ansible/roles/build/files/gpg_work.asc
+++ b/ansible/roles/build/files/gpg_work.asc
@ -0,0 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
 0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
 b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
 BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
 DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
 0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
 ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
 Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
 vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
 yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
 9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
 IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
 jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
 Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
 EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
 duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
 UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
 C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
 PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
 FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
 EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
 MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
 d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
 =0HtE
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/build/tasks/linux.yaml
+++ b/ansible/roles/build/tasks/linux.yaml
@ -39,7 +39,7 @@
 - name: Trust my signing key
  command: pacman-key -a -
  args:
-    stdin: "{{ lookup('file', 'gpg.asc') }}"
+    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
  when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
  register: my_key_imported
--- a/ansible/roles/firefox/defaults/main.yaml
+++ b/ansible/roles/firefox/defaults/main.yaml
@ -11,3 +11,4 @@ firefox_config:
  browser.newtabpage.activity-stream.showSponsoredTopSites: false
  browser.newtabpage.activity-stream.feeds.section.topstories: false
  browser.newtabpage.pinned: "[]"
  browser.newtabpage.activity-stream.section.highlights.includePocket: false
--- a/ansible/roles/gpg/files/gpg_work.asc
+++ b/ansible/roles/gpg/files/gpg_work.asc
@ -0,0 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
 0H+RsWG0LVRob21hcyBBbGV4YW5kZXIgPFRob21hc0EuQWxleGFuZGVyQGhtaG4u
 b3JnPoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAmULicsCGwMFCwkI
 BwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhFXBsUtQD9GWPdWc/nSmO0Gp7p
 DzxrieliriAnO+ZCHp31mFbMtToBAPxPYN9y4kgSiXhLiFLoRK5k5FCspksTSitg
 0CbXDE4LuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK202EIAwTBuxARUygOvn+AloMJd
 ui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsF
 Al2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjIbb23xmhxh5cM/UJxdGedfWMy
 vF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOlHscy60XWPlvXLoAJuDMEXZwW
 yhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI
 9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2
 IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7e
 jJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZ
 Luka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/
 EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/
 duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+
 UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJl
 C4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SB
 PG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2c
 FygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWI
 EgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkL
 MdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcW
 d5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nswax1MIM8DBQ==
 =0HtE
 -----END PGP PUBLIC KEY BLOCK-----
--- a/ansible/roles/gpg/tasks/peruser.yaml
+++ b/ansible/roles/gpg/tasks/peruser.yaml
@ -43,7 +43,7 @@
  command: gpg --import
  when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
  args:
-    stdin: "{{ lookup('file', 'gpg.asc') }}"
+    stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'
--- a/ansible/roles/hosts/tasks/common.yaml
+++ b/ansible/roles/hosts/tasks/common.yaml
@ -1,10 +1,19 @@
 - name: Set the /etc/hosts
  when: hostname is undefined or item.key != hostname
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^{{ item.key | regex_escape() }}\s+'
    line: "{{ item.key }}		{{ item.value | join(' ') }}"
  loop: "{{ etc_hosts | dict2items }}"
 # Without an entry for the local hostname, firefox takes multiple minutes to launch.
 - name: Set the /etc/hosts
  when: hostname is defined
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '\s+{{ hostname | regex_escape() }}\s*$'
    line: "127.0.0.1		{{ hostname }}"
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'