GnuPG configuration start

This commit is contained in:
Geoffrey Frogeye 2021-06-29 20:54:25 +02:00
parent 121f629bdb
commit 48031d8df7
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
6 changed files with 60 additions and 0 deletions


@ -16,6 +16,8 @@
when: encrypt_home_stacked_fs
- role: dotfiles
tags: dotfiles
- role: gnupg
tags: gnupg
- role: mnussbaum.base16-builder-ansible # Required for desktop_environment
tags:
- color


@ -0,0 +1,51 @@
- name: Create GnuPG directory
file:
path: "{{ gnupghome }}"
state: directory
mode: "u=rwx"
- name: Create GnuPG configuration files
file:
path: "{{ gnupghome }}/{{ item }}"
state: file
mode: "u=rw,g=r,o=r"
loop:
- gpg-agent.conf
- gpg.conf
- name: Configure GnuPG
lineinfile:
path: "{{ gnupghome }}/gpg.conf"
regex: "^#?\\s*{{ item.key }}\\s"
line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
loop:
# Remove fluff
- key: no-greeting
- key: no-emit-version
- key: no-comments
# Output format that I prefer
- key: keyid-format
value: 0xlong
# Show fingerprints
- key: with-fingerprint
# Make sure to show if key is invalid
# (should be default on most platform,
# but just to be sure)
- key: list-options
value: show-uid-validity
- key: verify-options
value: show-uid-validity
# Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
- key: personal-digest-preferences
value: SHA512
- key: cert-digest-algo
value: SHA512
- key: default-preference-list
value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
- key: personal-cipher-preferences
value: TWOFISH CAMELLIA256 AES 3DES
# TODO Set default-key in extensions depending on which ones are available
# TODO Add enable-ssh-support to gpg-agent.conf in extensions to signal shenv that we should not use the SSH agent
# TODO Import 0x8312C8CAC1BAC289 with https://github.com/netson/ansible-gpg-key,
# think about the source
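Review bot: The "Create GnuPG configuration files" task does not create anything — Ansible's file module with `state: file` fails when the path is absent, so on a fresh machine the play stops before lineinfile runs; use `state: touch` together with `modification_time: preserve` and `access_time: preserve` to stay idempotent, or drop the task and give lineinfile `create: true`. The directory's `mode: "u=rwx"` sets only the owner bits, so group/other bits fall out of the umask and GnuPG will warn about unsafe permissions on the homedir; `mode: "u=rwx,g=,o="` (or `"0700"`) pins it. The regex `"^#?\\s*{{ item.key }}\\s"` requires a character after the key, so for the value-less entries (no-greeting, no-emit-version, no-comments, with-fingerprint) it never matches an existing or commented-out line that ends right after the key, and the line is appended rather than replaced; `"^#?\\s*{{ item.key }}(\\s|$)"` covers both shapes.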


@ -0,0 +1 @@
gnupghome: "{{ ansible_user_dir }}/.config/gnupg"


@ -3,6 +3,7 @@ man
visidata
insect
translate-shell
gnupg
{# Editor #}
{% if termux %}
nvim


@ -108,6 +108,7 @@ prependpath "$HOME/.config/scripts"
# SSH Agent
# If GPG agent is configured for SSH
if grep -q ^enable-ssh-support$ $GNUPGHOME/gpg-agent.conf 2> /dev/null
then
@ -138,3 +139,6 @@ else
start_agent
fi
fi
# TODO Service sytem that works without systemd,
# and can stop processes on logout
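Review bot: The `grep -q ^enable-ssh-support$ $GNUPGHOME/gpg-agent.conf` test in the first hunk (likely context rather than a new line, given the +1 count) leaves `$GNUPGHOME` unquoted and has no fallback: when the variable is unset the path collapses to `/gpg-agent.conf`, the error is hidden by `2> /dev/null`, and the SSH-agent branch is silently never taken, which matters now that the new role places the home under `~/.config/gnupg` rather than GnuPG's default `~/.gnupg`. `if grep -q '^enable-ssh-support$' "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" 2> /dev/null` keeps the check working in both layouts. The enclosing if/else block begins before the first hunk and ends in the second, so the middle of it is not visible here.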


@ -19,6 +19,7 @@ call plug#begin('~/.cache/vim/plugged')
Plug 'chriskempson/base16-vim'
Plug 'tpope/vim-surround'
Plug 'tpope/vim-fugitive'
Plug 'shumphrey/fugitive-gitlab.vim'
" Plug 'tpope/vim-repeat'
" Regex for words, with case in mind