diff --git a/config/automatrop/playbooks/default.yml b/config/automatrop/playbooks/default.yml
index bb4d552..dbf178f 100644
--- a/config/automatrop/playbooks/default.yml
+++ b/config/automatrop/playbooks/default.yml
@@ -16,6 +16,8 @@
 when: encrypt_home_stacked_fs
 - role: dotfiles
 tags: dotfiles
+ - role: gnupg
+ tags: gnupg
 - role: mnussbaum.base16-builder-ansible # Required for desktop_environment
 tags:
 - color
diff --git a/config/automatrop/roles/gnupg/tasks/main.yml b/config/automatrop/roles/gnupg/tasks/main.yml
new file mode 100644
index 0000000..24abc82
--- /dev/null
+++ b/config/automatrop/roles/gnupg/tasks/main.yml
@@ -0,0 +1,51 @@
+- name: Create GnuPG directory
+ file:
+ path: "{{ gnupghome }}"
+ state: directory
+ mode: "u=rwx"
+
+- name: Create GnuPG configuration files
+ file:
+ path: "{{ gnupghome }}/{{ item }}"
+ state: file
+ mode: "u=rw,g=r,o=r"
+ loop:
+ - gpg-agent.conf
+ - gpg.conf
+
+- name: Configure GnuPG
+ lineinfile:
+ path: "{{ gnupghome }}/gpg.conf"
+ regex: "^#?\\s*{{ item.key }}\\s"
+ line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
+ loop:
+ # Remove fluff
+ - key: no-greeting
+ - key: no-emit-version
+ - key: no-comments
+ # Output format that I prefer
+ - key: keyid-format
+ value: 0xlong
+ # Show fingerprints
+ - key: with-fingerprint
+ # Make sure to show if key is invalid
+ # (should be default on most platform,
+ # but just to be sure)
+ - key: list-options
+ value: show-uid-validity
+ - key: verify-options
+ value: show-uid-validity
+ # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
+ - key: personal-digest-preferences
+ value: SHA512
+ - key: cert-digest-algo
+ value: SHA512
+ - key: default-preference-list
+ value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+ - key: personal-cipher-preferences
+ value: TWOFISH CAMELLIA256 AES 3DES
+# TODO Set default-key in extensions depending on which ones are available
+# TODO Add enable-ssh-support to gpg-agent.conf in extensions to signal shenv that we should not use the SSH agent
+
+# TODO Import 0x8312C8CAC1BAC289 with https://github.com/netson/ansible-gpg-key,
+# think about the source
diff --git a/config/automatrop/roles/gnupg/vars/main.yml b/config/automatrop/roles/gnupg/vars/main.yml
new file mode 100644
index 0000000..fb95fd1
--- /dev/null
+++ b/config/automatrop/roles/gnupg/vars/main.yml
@@ -0,0 +1 @@
+gnupghome: "{{ ansible_user_dir }}/.config/gnupg"
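Review bot: The "Create GnuPG configuration files" task uses `state: file`, which in the `file` module never creates a missing file and fails instead, so on a fresh host where gpg.conf and gpg-agent.conf do not yet exist the role aborts before the `lineinfile` task runs; `state: touch` creates them (add `access_time: preserve` and `modification_time: preserve` so the task stays idempotent). In the directory task `mode: "u=rwx"` only sets the owner bits and leaves whatever group/other bits an existing directory already has, while GnuPG expects its home directory to be private and warns about unsafe permissions otherwise — `mode: "0700"` states that intent and also fixes a pre-existing 0755 directory. In the `lineinfile` regex the trailing `\\s` needs a character after the option name, so an option that already ends the line (e.g. `no-greeting`, or a commented `# no-greeting`) is not recognised and the line is likely appended again rather than replaced; `regex: "^#?\\s*{{ item.key }}(\\s|$)"` covers both forms. The cipher preference lists still carry legacy algorithms (CAST5, 3DES); GnuPG appends 3DES implicitly anyway, so dropping them, or at least keeping them last, would match the "stronger algorithm" comment.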
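Review bot: `gnupghome` points the role at `~/.config/gnupg`, but gpg only uses a non-default home directory when `GNUPGHOME` is exported in the session environment (or `--homedir` is passed), and nothing in this diff exports it — the shenv hunk in the same commit greps `$GNUPGHOME/gpg-agent.conf`, so if that variable is set elsewhere to a different path, or not at all, the files this role writes are never read. A comment such as `# Must match the GNUPGHOME exported by config/shell/shenv` would make the coupling explicit. Placing the value in `vars/main.yml` also gives it precedence over inventory and play vars, so a host that needs a different directory cannot override it; `defaults/main.yml` is the conventional location for a value like this.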
diff --git a/config/automatrop/roles/software/templates/snippets/pm_terminal_essentials.j2 b/config/automatrop/roles/software/templates/snippets/pm_terminal_essentials.j2
index 813fc28..9350e26 100644
--- a/config/automatrop/roles/software/templates/snippets/pm_terminal_essentials.j2
+++ b/config/automatrop/roles/software/templates/snippets/pm_terminal_essentials.j2
@@ -3,6 +3,7 @@ man
 visidata
 insect
 translate-shell
+gnupg
 {# Editor #}
 {% if termux %}
 nvim
diff --git a/config/shell/shenv b/config/shell/shenv
index b8dcac9..a6859c6 100644
--- a/config/shell/shenv
+++ b/config/shell/shenv
@@ -108,6 +108,7 @@ prependpath "$HOME/.config/scripts"
 # SSH Agent
+ # If GPG agent is configured for SSH
 if grep -q ^enable-ssh-support$ $GNUPGHOME/gpg-agent.conf 2> /dev/null
 then
@@ -138,3 +139,6 @@ else
 start_agent
 fi
 fi
+
+# TODO Service sytem that works without systemd,
+# and can stop processes on logout
diff --git a/config/vim/pluginlist.vim b/config/vim/pluginlist.vim
index 97f902c..3c229de 100644
--- a/config/vim/pluginlist.vim
+++ b/config/vim/pluginlist.vim
@@ -19,6 +19,7 @@ call plug#begin('~/.cache/vim/plugged')
 Plug 'chriskempson/base16-vim'
 Plug 'tpope/vim-surround'
 Plug 'tpope/vim-fugitive'
+Plug 'shumphrey/fugitive-gitlab.vim'
 " Plug 'tpope/vim-repeat'
 " Regex for words, with case in mind