machine_setup/ansible/roles/gpg/tasks/peruser.yaml
2024-01-02 12:29:39 -05:00

53 lines
1.3 KiB
YAML

- include_role:
name: per_user
- name: Create gpg config directory
file:
name: "{{ account_homedir.stdout }}/.gnupg"
state: directory
mode: 0700
owner: "{{ account_name.stdout }}"
group: "{{ group_name.stdout }}"
- name: Copy files
copy:
src: "files/{{ item.src }}"
dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
mode: 0600
owner: "{{ account_name.stdout }}"
group: "{{ group_name.stdout }}"
loop:
- src: gpg.conf
dest: .gnupg/gpg.conf
- src: scdaemon.conf
dest: .gnupg/scdaemon.conf
- name: Copy templates
template:
src: "templates/{{ item.src }}.j2"
dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
mode: 0600
owner: "{{ account_name.stdout }}"
group: "{{ group_name.stdout }}"
loop:
- src: gpg-agent.conf
dest: .gnupg/gpg-agent.conf
- name: Check trusted gpg keys
command: gpg --list-public-keys --keyid-format LONG
register: gpgkeys
changed_when: false
check_mode: no
- name: Import public key for yubikey
command: gpg --import
when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
args:
stdin: "{{ lookup('file', pgp_key|default('gpg.asc')) }}"
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/peruser_linux.yaml
when: 'os_flavor == "linux"'