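---
- name: Define the location of the gnupg folder
  set_fact:
    gnupg_folder: "/home/{{ control_user }}/.gnupg"

# --------------------------------------------------
# Store git credentials with GPG and .netrc because SSH is too complicated for Gitea on Docker
# The plaintext .netrc only exists between the "Set up .netrc" and "Encrypt .netrc" tasks;
# it is overwritten and then removed so that only .netrc.gpg remains on disk.

- name: Remove existing .netrc
  file:
    path: "{{ gnupg_folder }}/.netrc"
    state: absent
  delegate_to: "{{ control_host }}"

- name: Remove existing .netrc.gpg
  file:
    path: "{{ gnupg_folder }}/.netrc.gpg"
    state: absent
  delegate_to: "{{ control_host }}"

# --------------------------------------------------

- name: Reminder to generate GPG key by hand
  pause:
    prompt: "Generate GPG key using gpg --gen-key --homedir /home/{{ control_user }}/.gnupg --pinentry-mode loopback"
  delegate_to: "{{ control_host }}"

- name: Set up .netrc
  template:
    src: "conf/.netrc.j2"
    dest: "{{ gnupg_folder }}/.netrc"
    owner: 1000  # NOTE(review): assumes control_user has uid/gid 1000 on control_host — confirm
    group: 1000
    mode: "0600"  # quoted: an unquoted 0600 is read as decimal 384 by YAML 1.1 parsers

  delegate_to: "{{ control_host }}"

- name: Encrypt .netrc
  # Recipient keeps the original address as its default; override with gpg_recipient.
  # Neither this task nor git-credential-netrc passes --homedir, so both rely on
  # gnupg_folder being the default GNUPGHOME of the user running them (as the prompt above
  # assumes) — TODO confirm on control_host.
  command: "gpg -e -r {{ gpg_recipient | default('opnxng@tuta.io') }} {{ gnupg_folder }}/.netrc"
  delegate_to: "{{ control_host }}"

- name: Clear .netrc
  # Best-effort overwrite of the plaintext before deletion; mode is set explicitly so the
  # file is never left readable by others even if the previous mode did not carry over.
  copy:
    content: '# Clear'
    dest: "{{ gnupg_folder }}/.netrc"
    mode: "0600"
  delegate_to: "{{ control_host }}"

- name: Remove .netrc
  file:
    path: "{{ gnupg_folder }}/.netrc"
    state: absent
  delegate_to: "{{ control_host }}"

- name: Install git-credential-netrc
  # get_url fails on an HTTP error instead of writing the error body into /usr/bin
  # (the previous `curl -s ... >` had no -f and always exited 0). It also sets the mode
  # in one idempotent step, replacing the separate `state: touch` task that reported
  # "changed" on every run. Pin the URL to a specific revision and fill in the checksum
  # once verified so the helper cannot change underneath this play.
  get_url:
    url: "https://raw.githubusercontent.com/git/git/master/contrib/credential/netrc/git-credential-netrc.perl"
    dest: "/usr/bin/git-credential-netrc"
    # checksum: "sha256:<CHECKSUM_PLACEHOLDER — compute from the pinned revision>"
    mode: "0755"
    owner: root  # root-owned: the unprivileged user git runs as cannot rewrite a helper in /usr/bin
    group: root
  ignore_errors: true  # best-effort, as before; a failure here leaves the helper below unusable
  delegate_to: "{{ control_host }}"
  become: true

- name: Use git-credential-netrc
  command: "git config --global credential.helper '/usr/bin/git-credential-netrc -f {{ gnupg_folder }}/.netrc.gpg -v'"
  delegate_to: "{{ control_host }}"

- name: Ensure gpg-agent.conf file exists
  file:
    path: "{{ gnupg_folder }}/gpg-agent.conf"
    state: touch
    mode: "0600"  # a config file needs no execute bit and should not be world-readable inside ~/.gnupg
    owner: 1000
    group: 1000
  delegate_to: "{{ control_host }}"
  become: true

- name: Add pinentry-program to gpg-agent.conf on control host
  lineinfile:
    path: "{{ gnupg_folder }}/gpg-agent.conf"
    line: "pinentry-program /usr/bin/pinentry-curses"
  delegate_to: "{{ control_host }}"

- name: Add ssh support to gpg-agent.conf on control host
  lineinfile:
    path: "{{ gnupg_folder }}/gpg-agent.conf"
    line: "enable-ssh-support"
  delegate_to: "{{ control_host }}"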