#SPDX-License-Identifier: MIT-0
---
# tasks file for bootstrap
# Make sure the connecting user's GnuPG home exists before any key material
# is written into it. Mode 0700 keeps the directory private to its owner.
- name: Create GNUPGP directory in user home directory
  ansible.builtin.file:
    path: "{{ ansible_facts['user_dir'] }}/.gnupg"
    state: directory
    owner: "{{ ansible_facts['user_id'] }}"
    # Falls back to a group named after the user when the `users` entry
    # does not define `group`.
    group: "{{ hostvars[inventory_hostname].users[ansible_facts['user_id']].group | default(ansible_facts['user_id']) }}"
    mode: "0700"
  # Runs only when the connecting user has an entry in this host's `users` map.
  when: ansible_facts['user_id'] in hostvars[inventory_hostname].users
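# Copy each configured key file from the role's `gnupg/` files into the
# user's ~/.gnupg, owner-readable only (0600).
- name: Create GPG key files
  # `when` is a list, so the entries are ANDed and checked in order.
  # The original expression used `is not None` and `len(...)`, which are
  # Python spellings rather than Jinja2; `default([], true) | length`
  # covers an undefined, null or empty `gpg_keys`.
  when:
    - ansible_facts['user_id'] in hostvars[inventory_hostname].users
    - hostvars[inventory_hostname].users[ansible_facts['user_id']].gpg_keys | default([], true) | length > 0
  ansible.builtin.copy:
    # NOTE(review): `backup: true` leaves timestamped copies of replaced
    # key files next to the originals; confirm that is wanted for key
    # material.
    backup: true
    dest: "{{ ansible_facts['user_dir'] }}/.gnupg/{{ item.id }}.key"
    force: true
    group: "{{ hostvars[inventory_hostname].users[ansible_facts['user_id']].group | default(ansible_facts['user_id']) }}"
    mode: "0600"
    owner: "{{ ansible_facts['user_id'] }}"
    src: "gnupg/{{ item.id }}.key"
    # Integrity check of the copied file is currently disabled:
    # validate: "gpg --verify {{ item.id }}.sig %s"
  # The loop is templated before `when` is evaluated, so it must not fail
  # for a user without an entry or without keys; fall back to an empty list.
  loop: "{{ (hostvars[inventory_hostname].users[ansible_facts['user_id']] | default({})).gpg_keys | default([], true) }}"
  loop_control:
    # Each item also carries `password`; show only the key id as the
    # per-item label instead of the whole item.
    label: "{{ item.id }}"
  # The registered results still embed each full loop item (including
  # `password`), so do not print this variable with debug.
  register: created_gpg_keys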
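# Import every copied key file into the user's keyring, feeding the key's
# passphrase to gpg on standard input.
- name: Import GPG key files
  # The passphrase is passed through `stdin` and every loop item carries
  # `password`; keep module arguments and per-item results out of the
  # Ansible output and logs.
  no_log: true
  # `when` is a list, so the entries are ANDed and checked in order.
  # The original expression used `is not None` and `len(...)`, which are
  # Python spellings rather than Jinja2; `default([], true) | length`
  # covers an undefined, null or empty `gpg_keys`.
  when:
    - ansible_facts['user_id'] in hostvars[inventory_hostname].users
    - hostvars[inventory_hostname].users[ansible_facts['user_id']].gpg_keys | default([], true) | length > 0
  ansible.builtin.command:
    argv:
      - gpg
      - --batch
      # Option and value are separate argv elements: `argv` bypasses the
      # shell, so "--passphrase-fd 0" as one element would reach gpg as a
      # single unknown option.
      # NOTE(review): GnuPG 2.1 and later honour --passphrase-fd only
      # together with `--pinentry-mode loopback`; confirm the gpg version
      # on the managed hosts.
      - --passphrase-fd
      - "0"
      - --import
      - "{{ ansible_facts['user_dir'] }}/.gnupg/{{ item.id }}.key"
    stdin: "{{ item.password }}"
  # The loop is templated before `when` is evaluated, so it must not fail
  # for a user without an entry or without keys; fall back to an empty list.
  loop: "{{ (hostvars[inventory_hostname].users[ansible_facts['user_id']] | default({})).gpg_keys | default([], true) }}"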