Added tags to several tasks, and added tasks that allow import of GPG private keys to remote host

2025-09-06 13:50:14 -04:00
parent 6091dfffa1
commit d7b22019b5
1 changed files with 32 additions and 5 deletions
--- a/playbooks/init_login.yml
+++ b/playbooks/init_login.yml
@@ -15,6 +15,13 @@
    # ansible_password: "{{ passwords[0].password }}"
    # ansible_ssh_pass: "{{ passwords[0].username }}"
    # ansible_ssh_password: "{{ passwords[0].username }}"
+    ansible_python_interpreter: “{{ ansible_playbook_python }}”
+    personal_computers: locals # @NOTE can change to *_households group or {{ name }}_{{ surname }} group name
+  vars_prompt:
+    - name: gpg_import_passwords
+      prompt: Enter space-wrapped colon -separated list of GPG private key passwords
+      unsafe: yes
+      private: yes
  tasks:
    - name: Disable shell access for root
      ansible.builtin.include_role:
@@ -41,6 +48,7 @@
        state: present
      tags:
        - default
+        - source_sys_bashrc
    - name: Create global bash functions
      become: yes
      ansible.builtin.copy:
@@ -55,6 +63,7 @@
        state: present
      tags:
        - default
+        - source_sys_bashrc
    - name: Register bash aliases and functions to global bashrc
      become: yes
      ansible.builtin.blockinfile:
@@ -77,6 +86,7 @@
        state: present
      tags:
        - default
+        - source_sys_bashrc
    - name: Start XDG configuration tasks if in servers group 
      when: "'servers' in group_names and ansible_connection != 'local'"
      become: yes
@@ -105,9 +115,10 @@
            state: present
      tags:
        - default
+        - create_xdg_config
        - servers_exclusive
-    - name: Start XDG configuration tasks if in locals group 
-      when: "'locals' in group_names or ansible_connection == 'local'"
+    - name: Start XDG configuration tasks if current host in specified group
+      when: "personal_computers in group_names or ansible_connection == 'local'"
      become: yes
      block:
        - name: Create XDG user home directory environment variables
@@ -134,9 +145,10 @@
            state: present
      tags:
        - default
+        - create_xdg_config
        - locals_exclusive
-    - name: Start SSH configuration tasks if in locals group
-      when: "'locals' in group_names or ansible_connection == 'local'"
+    - name: Start SSH configuration tasks if current host in specified group
+      when: "personal_computers in group_names or ansible_connection == 'local'"
      become: yes
      block:
        - name: Create user SSH configuration
@@ -152,5 +164,20 @@
            state: present
      tags:
        - default
+        - create_ssh_config
        - locals_exclusive
+    - name: Import GPG private keys
+      ansible.builtin.include_role:
+        name: lockdown
+        defaults_from: main
+        vars_from: main
+        handlers_from: main
+        tasks_from: gpg
+      vars:
+        gpg_keys_origin_host: localhost
+        gpg_origin_private_key_passwords: "{{ gpg_import_passwords | split(' : ') }}"
+      tags:
+        - default
+        - import_gpg_privkeys
+