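# SPDX-License-Identifier: MIT-0
---
# tasks file for bootstrap
#
# Prepares ~/.gnupg for the user Ansible connects as and imports that
# user's GPG keys. Key metadata comes from
# hostvars[inventory_hostname].users[<user_id>].gpg_keys; each entry is
# expected to provide `id` (file stem under files/gnupg/) and `password`
# (the key's passphrase) — confirm against the inventory that defines `users`.
#
# Both the key files under files/gnupg/ and the passphrases in inventory are
# secrets: keep them vault-encrypted rather than in plain text under version
# control. Note that `no_log` below also hides module output when the task
# fails; drop it temporarily when debugging on a non-production host.

- name: Create GNUPGP directory in user home directory
  # `default({})` keeps the membership test from raising an undefined-variable
  # error on hosts that define no `users` at all.
  when: ansible_facts['user_id'] in (hostvars[inventory_hostname].users | default({}))
  ansible.builtin.file:
    group: "{{ hostvars[inventory_hostname].users[ansible_facts['user_id']].group | default(ansible_facts['user_id']) }}"
    mode: "0700"
    owner: "{{ ansible_facts['user_id'] }}"
    path: "{{ ansible_facts['user_dir'] }}/.gnupg"
    state: directory

- name: Create GPG key files
  vars:
    # Task-scoped shorthands. `default(..., true)` also replaces a key that is
    # present but null/empty, which the previous `is not None` / `len()`
    # condition tried to express but Jinja2 does not support (`len` is not a
    # template global and `None` is not a test).
    bootstrap_user: "{{ hostvars[inventory_hostname].users[ansible_facts['user_id']] | default({}, true) }}"
    bootstrap_gpg_keys: "{{ bootstrap_user.gpg_keys | default([], true) }}"
  # `loop` is rendered before `when`, so the loop expression itself must
  # tolerate a user without an entry; an empty list simply yields no
  # iterations, which makes a separate `when` unnecessary.
  loop: "{{ bootstrap_gpg_keys }}"
  # Every loop item carries the passphrase; keep items out of the log.
  no_log: true
  ansible.builtin.copy:
    # `backup: true` leaves the previous key next to the new one; that backup
    # is equally sensitive key material.
    backup: true
    dest: "{{ ansible_facts['user_dir'] }}/.gnupg/{{ item.id }}.key"
    force: true
    group: "{{ bootstrap_user.group | default(ansible_facts['user_id']) }}"
    mode: "0600"
    owner: "{{ ansible_facts['user_id'] }}"
    src: "gnupg/{{ item.id }}.key"
    # validate: "gpg --verify {{ item.id }}.sig %s"
  register: created_gpg_keys

- name: Import GPG key files
  vars:
    # Same shorthands as in "Create GPG key files" (task vars do not carry
    # over between tasks).
    bootstrap_user: "{{ hostvars[inventory_hostname].users[ansible_facts['user_id']] | default({}, true) }}"
    bootstrap_gpg_keys: "{{ bootstrap_user.gpg_keys | default([], true) }}"
  loop: "{{ bootstrap_gpg_keys }}"
  # Every loop item carries the passphrase; keep items out of the log.
  no_log: true
  # Not idempotent: gpg runs on every play even when the key file did not
  # change. Gating on `created_gpg_keys.results` (per-item `changed`) would
  # skip unchanged keys, but would also skip re-imports after a wiped keyring.
  ansible.builtin.command:
    argv:
      - gpg
      - --batch
      # On GnuPG 2.1+ the passphrase from --passphrase-fd is only used in
      # loopback pinentry mode; without it gpg asks the agent's pinentry,
      # which cannot prompt under --batch. GnuPG 1.x / 2.0 do not know this
      # option — confirm the target gpg version.
      - --pinentry-mode
      - loopback
      # Option and value must be separate argv entries; as a single string
      # ("--passphrase-fd 0") gpg rejects it as an unknown option.
      - --passphrase-fd
      - "0"
      - --import
      - "{{ ansible_facts['user_dir'] }}/.gnupg/{{ item.id }}.key"
    # The passphrase travels over stdin (fd 0), never the argument list, so it
    # does not show up in the process table.
    stdin: "{{ item.password }}"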