Soft-coded paths, changed to soft-coded defaults, for module parameters, registered more return values, added git defaultBranch name configuration task

roles/bootstrap/tasks/configure_core/git.yml

@@ -1,4 +1,14 @@
 ---
+- name: Set default branch name
+  become: yes
+  become_method: sudo
+  community.general.git_config:
+    name: init.defaultBranch
+    value: main
+    scope: system
+    add_mode: replace_all
+    state: present
+  register: gitedit_set
 - name: Set default git text editor
   become: yes
   become_method: sudo
@@ -11,20 +21,20 @@
   register: gitedit_set
 - name: Create directory for some git files
   file:
-    path: "{{ homedir }}/.config/git"
+    path: "{{ ansible_facts['user_dir'] }}/.config/git"
     state: directory
   register: gitdir_created
 - name: Create git commit message template file
   copy:
     src: git/gitmessage
-    dest: "{{ homedir }}/.config/git/gitmessage"
+    dest: "{{ ansible_facts['user_dir'] }}/.config/git/gitmessage"
     force: yes
     backup: yes
   register: gittemp_created
 - name: Set a commit template file for git
   community.general.git_config:
     name: commit.template
-    value: "{{ homedir }}/.config/git/gitmessage"
+    value: "{{ ansible_facts['user_dir'] }}/.config/git/gitmessage"
     scope: global
     add_mode: replace_all
     state: present
@@ -63,14 +73,14 @@
 - name: Create a boilerplate gitignore file for git
   copy:
     src: git/gitignore.sample
-    dest: "{{ homedir }}/.config/git/gitignore"
+    dest: "{{ ansible_facts['user_dir'] }}/.config/git/gitignore"
     force: yes
     backup: yes
   register: gitgignore_created
 - name: Set boilerplate gitignore file in global scope
   community.general.git_config:
     name: core.excludesfile
-    value: "{{ homedir }}/.config/git/gitignore"
+    value: "{{ ansible_facts['user_dir'] }}/.config/git/gitignore"
     scope: global
     add_mode: replace_all
     state: present
@@ -98,7 +108,7 @@
 - name: Set git username
   community.general.git_config:
     name: user.name
-    value: "{{ official_name | default(accts.username, true) }}"
+    value: "{{ official_name | default(ansible_facts['user_id'], true) }}"
     scope: global
     add_mode: replace_all
     state: present
@@ -106,7 +116,7 @@
 - name: Set git user email
   community.general.git_config:
     name: user.email
-    value: "{{ official_email | default(accts.email, true) }}"
+    value: "{{ official_email | default('admin@' ~ domain_name, true) }}"
     scope: global
     add_mode: replace_all
     state: present

roles/bootstrap/tasks/configure_core/gpg.yml

@@ -3,11 +3,11 @@
   block:
     - name: Create cipher directory for gocryptfs
       file:
-        path: "{{ homedir }}/.ciphers"
+        path: "{{ ansible_facts['user_dir'] }}/.ciphers"
         state: directory
     - name: Create a gocryptfs vault
       command:
-        argv: [/usr/bin/gocryptfs, -init, "{{ homedir }}/.ciphers"]
+        argv: [/usr/bin/gocryptfs, -init, "{{ ansible_facts['user_dir'] }}/.ciphers"]
         stdin: "{{ gcfs_password }}"
       register: gcfs_masterkey_created
     - name: Create temporary file for password
@@ -20,67 +20,70 @@
         path: "{{ tempfile_created.path }}"
         line: "{{ gcfs_password }}"
         state: present
+      when: tempfile_created
     - name: Create directory for storing gocryptfs decryption configuration files
       file:
-        path: "{{ homedir }}/.fskeys/ciphers"
+        path: "{{ ansible_facts['user_dir'] }}/.fskeys/ciphers"
         state: directory
     - name: Get gocryptfs decryption configuration file metadata
       stat:
-        path: "{{ homedir }}/.ciphers"
+        path: "{{ ansible_facts['user_dir'] }}/.ciphers"
       when: gcfs_masterkey_created.rc == 0
       register: gcfs_vault
-    - name: Copy gocryptfs decryption configuration to this directory
+    - name: Copy gocryptfs decryption configuration to another directory
       copy:
-        remote_src: "{{ homedir }}/.ciphers/gocryptfs.conf"
+        remote_src: "{{ ansible_facts['user_dir'] }}/.ciphers/gocryptfs.conf"
-        dest: "{{ homedir }}/.fskeys/ciphers/gocryptfs.conf"
+        dest: "{{ ansible_facts['user_dir'] }}/.fskeys/ciphers/gocryptfs.conf"
         force: yes
         backup: yes
+      register: gocryptfs_conf_copied
       when: gcfs_vault.stat.exists and gcfs_masterkey_created.rc == 0
-    - name: Create directory in which to mount decrypted gocryptfs vault
+    - name: Remove gocryptfs decryption configuration from source directory
       file:
-        path: "{{ homedir }}/.mnt/plains"
+        path: "{{ ansible_facts['user_dir'] }}/.ciphers/gocryptfs.conf"
-        state: directory
+        state: absent
+      register: gocryptfs_orig_conf_removed
+      when: gocryptfs_conf_copied
     - name: Mount the gocryptfs vault
       ansible.posix.mount:
-        src: "{{ homedir }}/.ciphers"
+        src: "{{ ansible_facts['user_dir'] }}/.ciphers"
-        path: "{{ homedir }}/.mnt/plains"
+        path: "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain"
-        state: mounted
+        state: ephemeral
         fstype: fuse./usr/bin/gocryptfs
-        opts: "nofail,passfile={{ tempfile_created.path }},config={{ homedir }}/.fskeys/ciphers/gocryptfs.conf"
+        opts: "nofail,passfile={{ tempfile_created.path }},config={{ ansible_facts['user_dir'] }}/.fskeys/ciphers/gocryptfs.conf"
       register: gcfs_mounted
       when: gcfs_vault.stat.exists and gcfs_masterkey_created.rc == 0
     - name: Create directory in decrypted gocryptfs vault
       file:
-        path: "{{ homedir }}/.mnt/plains/gpg"
+        path: "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain/gpg"
         state: directory
       when: gcfs_mounted
     - name: Copy GPG keypair
       copy:
-        src: "gpg/{{ accts.username }}/main.priv.asc"
+        src: "gpg/{{ ansible_facts['user_id'] }}/{{ item }}"
-        dest: "{{ homedir }}/.mnt/secrets/gpg/main.priv.asc"
+        dest: "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain/gpg/{{ item }}"
         force: yes
         backup: yes
+      loop: "{{ query('fileglob', roles_path ~ 'bootstrap/files/gpg/' ~ ansible_facts['user_id'] ~ '/*') }}"
       register: gpgkeys_copied
       when: gcfs_mounted
-    #@TODO: Create handler that copies gcfs_masterkey_created text into decrypted vault in-between here
     - name: Import GPG keypair
       become: yes
       become_method: sudo
       command:
-        argv: [gpg, --import, "{{ homedir }}/.mnt/secrets/gpg/main.priv.asc"]
+        argv: [gpg, --import, "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain/gpg/{{ item }}"]
+      loop: "{{ query('fileglob', roles_path ~ 'bootstrap/files/gpg/' ~ ansible_facts['user_id'] ~ '/*') }}"
       register: gpgkeys_imported
       when: gpgkeys_copied and gcfs_mounted
-    # - name: Unmount the gocryptfs vault
+    #@TODO create handler that sends copy of gcfs_masterkey_created somehow
-    #   ansible.posix.mount:
-    #     path: "{{ homedir }}/.mnt/plains"
-    #     state: unmounted
-    #     fstype: fuse
-    #     opts: "u"
-    #   register: gcfs_unmounted
-    #   when: gpg_keys_copied and gcfs_mounted
     - name: Unmount the gocryptfs vault
-      command:
+      ansible.posix.mount:
-        argv: [fusermount, -u, "{{ homedir }}/.mnt/plains"]
+        path: "{{ ansible_facts['user_dir'] }}/.mnt/plains"
+        state: unmounted
+      register: gcfs_unmounted
       when: gpgkeys_copied and gcfs_mounted
+    # - name: Unmount the gocryptfs vault
+    #   command:
+    #     argv: [fusermount, -u, "{{ ansible_facts['user_dir'] }}/.mnt/plains"]
+    #   when: gpgkeys_copied and gcfs_mounted
   register: gpg_keypair_copy
-  tags: ['copy_gpg']