---
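# Create the GnuPG home directory (path taken from the `gnupghome` variable).
# Group and other bits are cleared explicitly: a symbolic `u=rwx` only sets
# the owner bits and leaves whatever group/other access the directory already
# has (for a fresh directory, whatever the umask allowed). GnuPG warns about
# unsafe permissions when group or others can access its home directory.
- name: Create GnuPG directory
  ansible.builtin.file:
    path: "{{ gnupghome }}"
    state: directory
    mode: "u=rwx,g=,o="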
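# Make sure both GnuPG configuration files exist so that later tasks can edit
# them. `state: file` only adjusts a path that is already present and does not
# create a missing one, so `touch` is used instead; the two `preserve` options
# leave the timestamps alone so an existing file does not report a change.
- name: Create GnuPG configuration files
  ansible.builtin.file:
    path: "{{ gnupghome }}/{{ item }}"
    state: touch
    access_time: preserve
    modification_time: preserve
    mode: "u=rw,g=r,o=r"
  loop:
    - gpg-agent.conf
    - gpg.conf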
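# Set each option below in gpg.conf. A line that already holds the option
# (commented out or not) is replaced; otherwise the option is appended.
# Items without a `value` are written as a bare flag.
- name: Configure GnuPG
  ansible.builtin.lineinfile:
    path: "{{ gnupghome }}/gpg.conf"
    # The key is escaped so it is always matched literally, and `(\s|$)` also
    # catches an option on a final line that has no trailing newline.
    regex: '^#?\s*{{ item.key | regex_escape }}(\s|$)'
    line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
  loop:
    # Remove fluff
    - key: no-greeting
    - key: no-emit-version
    - key: no-comments
    # Output format that I prefer
    - key: keyid-format
      value: "0xlong"
    # Show fingerprints
    - key: with-fingerprint
    # Make sure to show if key is invalid
    # (should be default on most platform,
    # but just to be sure)
    - key: list-options
      value: show-uid-validity
    - key: verify-options
      value: show-uid-validity
    # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
    - key: personal-digest-preferences
      value: SHA512
    - key: cert-digest-algo
      value: SHA512
    # NOTE(review): CAST5 (here) and 3DES (in personal-cipher-preferences) are
    # legacy 64-bit-block ciphers; confirm they are still needed for
    # interoperability before keeping them in these lists.
    - key: default-preference-list
      value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
    - key: personal-cipher-preferences
      value: TWOFISH CAMELLIA256 AES 3DES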
# Install the key identified by the fingerprint below. The key is pinned by
# its full 40-character fingerprint rather than a short key ID.
# NOTE(review): `gpg_key` is not an ansible.builtin module; where it fetches
# the key from and which GnuPG home it writes to are not visible here.
# `trust: 5` presumably maps to GnuPG's "ultimate" owner trust; confirm
# against the module.
- name: Install Geoffrey Frogeye's key
  gpg_key:
    fpr: "4FBA930D314A03215E2CDB0A8312C8CAC1BAC289"
    trust: 5