Fixed conditionals, made explicit superuser, added new app configurations

Alex Tavarez
2025-07-21 16:54:18 -04:00
parent 85b1f6cd25
commit a904b6ddf4
5 changed files with 144 additions and 34 deletions


@@ -22,7 +22,7 @@
- name: Get gocryptfs decryption configuration file metadata
stat:
path: "{{ homedir }}/.ciphers"
when: gcfs_masterkey_created
when: gcfs_masterkey_created.rc == 0
register: gcfs_vault
- name: Copy gocryptfs decryption configuration to this directory
copy:
@@ -30,7 +30,7 @@
dest: "{{ homedir }}/.fskeys/ciphers/gocryptfs.conf"
force: yes
backup: yes
when: gcfs_vault.stat.exists and gcfs_masterkey_created
when: gcfs_vault.stat.exists and gcfs_masterkey_created.rc == 0
- name: Create directory in which to mount decrypted gocryptfs vault
file:
path: "{{ homedir }}/.mnt/plains"
@@ -41,9 +41,9 @@
path: "{{ homedir }}/.mnt/plains"
state: mounted
fstype: fuse./usr/bin/gocryptfs
opts: "nofail,passfile={{ tempfile_created }},config={{ homedir }}/.fskeys/ciphers/gocryptfs.conf"
opts: "nofail,passfile={{ tempfile_created.path }},config={{ homedir }}/.fskeys/ciphers/gocryptfs.conf"
register: gcfs_mounted
when: gcfs_vault.stat.exists and gcfs_masterkey_created
when: gcfs_vault.stat.exists and gcfs_masterkey_created.rc == 0
- name: Create directory in decrypted gocryptfs vault
file:
path: "{{ homedir }}/.mnt/plains/gpg"
@@ -56,7 +56,7 @@
force: yes
backup: yes
register: gpgkeys_copied
when: gpg_key_extant and gcfs_mounted
when: gcfs_mounted
#@TODO: Create handler that copies gcfs_masterkey_created text into decrypted vault in-between here
- name: Import GPG keypair
become: yes
@@ -64,7 +64,7 @@
command:
argv: [gpg, --import, "{{ homedir }}/.mnt/secrets/gpg/main.priv.asc"]
register: gpgkeys_imported
when: gpgkeys_copied
when: gpgkeys_copied and gcfs_mounted
# - name: Unmount the gocryptfs vault
# ansible.posix.mount:
# path: "{{ homedir }}/.mnt/plains"
@@ -77,5 +77,5 @@
command:
argv: [fusermount, -u, "{{ homedir }}/.mnt/plains"]
when: gpgkeys_copied and gcfs_mounted
when: gpg_keypair_copy
register: gpg_keypair_copy
tags: ['copy_gpg']
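Review bot: `when: gcfs_mounted` on the GPG key copy task (hunk at -56,7) tests a registered result, which is a non-empty dict and so truthy even when the mount task was skipped by its own `when:`; the same holds for `gpgkeys_copied and gcfs_mounted` on the import task. If the vault is not mounted, the copy would presumably write the private key into the plain `{{ homedir }}/.mnt/plains/gpg` directory on the underlying filesystem rather than into the encrypted vault. Test the result state instead, for example `when: gcfs_mounted is not skipped and gcfs_mounted is succeeded`, and do the same for `gpgkeys_copied`. In the last hunk, `when: gpg_keypair_copy` sits on a task that also has `register: gpg_keypair_copy`, so the condition reads whatever that name held before the task ran; confirm that is intended. The task definitions start outside the hunks, so the copy destination is not visible here.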