
---
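- name: Create GnuPG directory
  # Ansible symbolic modes act on the file's current mode, so `u=rwx` alone
  # would leave a freshly created directory's umask-derived group/other bits
  # (commonly r-x) in place and never tighten an existing directory. GnuPG
  # warns about unsafe permissions when its home directory is group- or
  # world-accessible, so pin the absolute mode instead.
  ansible.builtin.file:
    path: "{{ gnupghome }}"
    state: directory
    mode: "0700"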
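- name: Create GnuPG configuration files
  # `state: file` does not create a missing path (the module fails instead);
  # `state: touch` does. Preserving both timestamps keeps the task idempotent,
  # so an existing file is reported as unchanged rather than touched each run.
  ansible.builtin.file:
    path: "{{ gnupghome }}/{{ item }}"
    state: touch
    mode: u=rw,g=r,o=r
    access_time: preserve
    modification_time: preserve
  loop:
    - gpg-agent.conf
    - gpg.conf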
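- name: Configure GnuPG
  # One lineinfile call per option: an existing (possibly commented-out) line
  # for the option is replaced in place, otherwise the line is appended.
  ansible.builtin.lineinfile:
    path: "{{ gnupghome }}/gpg.conf"
    # Match the option at the start of a line, optionally commented out.
    # `(\s|$)` instead of a bare `\s` also matches an option that is the last
    # line of a file without a trailing newline; without it that line would
    # not be recognised and a duplicate would be appended on every run.
    # regex_escape guards the key should one ever contain a regex metachar.
    regexp: '^#?\s*{{ item.key | regex_escape }}(\s|$)'
    line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
  loop:
    # Remove fluff
    - key: no-greeting
    - key: no-emit-version
    - key: no-comments
    # Output format that I prefer
    - key: keyid-format
      value: "0xlong"
    # Show fingerprints (long key IDs alone are not collision resistant;
    # the fingerprint is what should be compared)
    - key: with-fingerprint
    # Make sure to show if key is invalid
    # (should be default on most platform,
    # but just to be sure)
    - key: list-options
      value: show-uid-validity
    - key: verify-options
      value: show-uid-validity
    # Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
    - key: personal-digest-preferences
      value: SHA512
    - key: cert-digest-algo
      value: SHA512
    # CAST5 and 3DES are 64-bit-block legacy ciphers listed last for
    # compatibility with old recipients; the modern ciphers are preferred.
    - key: default-preference-list
      value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
    - key: personal-cipher-preferences
      value: TWOFISH CAMELLIA256 AES 3DES
  loop_control:
    # Keep task output readable: show the option name, not the whole item dict.
    label: "{{ item.key }}"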
- name: Install Geoffrey Frogeye's key
  # gpg_key is a project-local module (not ansible.builtin); its parameters
  # are taken as given here.
  gpg_key:
    # Full 40-hex-digit fingerprint; quoted so no YAML parser retypes it.
    fpr: '4FBA930D314A03215E2CDB0A8312C8CAC1BAC289'
    # NOTE(review): presumably the GnuPG ownertrust level (5 = ultimate);
    # confirm against the gpg_key module's documentation.
    trust: 5