dotfiles/config/automatrop/roles/gnupg/tasks/main.yml

53 lines
1.5 KiB
YAML
Raw Normal View History

2023-11-02 19:51:54 +01:00
---
2021-06-29 20:54:25 +02:00
- name: Create GnuPG directory
2023-11-02 19:51:54 +01:00
ansible.builtin.file:
2021-06-29 20:54:25 +02:00
path: "{{ gnupghome }}"
state: directory
2023-11-02 19:51:54 +01:00
mode: u=rwx
2021-06-29 20:54:25 +02:00
- name: Create GnuPG configuration files
2023-11-02 19:51:54 +01:00
ansible.builtin.file:
2021-06-29 20:54:25 +02:00
path: "{{ gnupghome }}/{{ item }}"
state: file
2023-11-02 19:51:54 +01:00
mode: u=rw,g=r,o=r
2021-06-29 20:54:25 +02:00
loop:
- gpg-agent.conf
- gpg.conf
- name: Configure GnuPG
2023-11-02 19:51:54 +01:00
ansible.builtin.lineinfile:
2021-06-29 20:54:25 +02:00
path: "{{ gnupghome }}/gpg.conf"
2023-11-02 19:51:54 +01:00
regex: ^#?\s*{{ item.key }}\s
2021-06-29 20:54:25 +02:00
line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
loop:
# Remove fluff
- key: no-greeting
- key: no-emit-version
- key: no-comments
# Output format that I prefer
- key: keyid-format
2023-11-02 19:51:54 +01:00
value: "0xlong"
2021-06-29 20:54:25 +02:00
# Show fingerprints
- key: with-fingerprint
# Make sure to show if key is invalid
# (should be default on most platform,
# but just to be sure)
- key: list-options
value: show-uid-validity
- key: verify-options
value: show-uid-validity
# Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
- key: personal-digest-preferences
value: SHA512
- key: cert-digest-algo
value: SHA512
- key: default-preference-list
value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
- key: personal-cipher-preferences
value: TWOFISH CAMELLIA256 AES 3DES
- name: Install Geoffrey Frogeye's key
gpg_key:
fpr: 4FBA930D314A03215E2CDB0A8312C8CAC1BAC289
2021-11-11 21:53:40 +01:00
trust: 5