From dd29aa738459c1ef363b6703cbbb5d39993739e4 Mon Sep 17 00:00:00 2001
From: Alex Tavarez
Date: Sat, 6 Sep 2025 13:47:33 -0400
Subject: [PATCH] Created gpg-related tasks for lockdown role for post-lockdown initial set-up
---
.ansible/roles/lockdown/tasks/gpg.yml | 38 +++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 .ansible/roles/lockdown/tasks/gpg.yml
diff --git a/.ansible/roles/lockdown/tasks/gpg.yml b/.ansible/roles/lockdown/tasks/gpg.yml
new file mode 100644
index 0000000..4013b17
--- /dev/null
+++ b/.ansible/roles/lockdown/tasks/gpg.yml
@@ -0,0 +1,38 @@
+---
+- name: Acquire GPG private keys from other system
+ delegate_to: "{{ gpg_private_keys_origin_host }}"
+ ansible.builtin.command:
+ argv:
+ - gpg
+ - -a
+ - --export-secret-key
+ - "{{ item }}"
+ loop: "{{ gpg_origin_private_keyids }}"
+ register: gpg_secrets
+- name: Create GPG private keys
+ ansible.builtin.copy:
+ content: "{{ item }}"
+ dest: "{{ ansible_facts['user_dir'] }}/.gnupg/{{ ansible_facts['user_dir'] }}-{{ idx }}.priv.asc"
+ force: yes
+ backup: yes
+ mode: "0600"
+ state: present
+ loop: "{{ gpg_secrets.results }}"
+ loop_control:
+ index_var: idx
+ register: created_gpg_private_keys
+- name: Import GPG private keys
+ when: (gpg_origin_private_key_passwords | length) == (gpg_origin_private_keyids | length)
+ ansible.builtin.command:
+ argv:
+ - gpg
+ - --batch
+ - --import
+ - --yes
+ - --passphrase-fd
+ - 0
+ - "{{ item.dest }}"
+ stdin: "{{ gpg_origin_private_key_passwords[idx] }}"
+ loop: "{{ created_gpg_private_keys.results }}"
+ loop_control:
+ index_var: idx
\ No newline at end of file
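Review bot: `content: "{{ item }}"` in the Create task stores the whole registered result for each key (cmd, rc, stderr, …) instead of the armored key in `item.stdout`, and `dest` interpolates `ansible_facts['user_dir']` a second time so the filename carries the full home path — `item.item`, the key id from the first loop, is presumably what was meant. None of the three tasks sets `no_log: true`, yet the first registers private-key material and the third feeds its passphrase on `stdin`, so both appear in task output and in any configured Ansible log. `state: present` is not a parameter of `ansible.builtin.copy` as far as I know, so the Create task would be rejected with an unsupported-parameter error, and `force: yes` / `backup: yes` should be `true`. With gpg 2.1 or later `--passphrase-fd` is honoured only together with `--pinentry-mode loopback`, which the Import argv lacks; the same presumably applies to the delegated `--export-secret-key` if the origin keys are passphrase-protected, and the `.priv.asc` files are never removed after import. If the password and key-id lists differ in length the Import task is skipped silently rather than failing, which leaves the exported keys on disk unimported with no error.
```yaml
- name: Acquire GPG private keys from other system
  no_log: true  # stdout holds the armored private key
  # … unchanged: delegate_to, command argv, loop, register …
- name: Create GPG private keys
  no_log: true
  ansible.builtin.copy:
    content: "{{ item.stdout }}"  # item is the registered result dict, not the key text
    dest: "{{ ansible_facts['user_dir'] }}/.gnupg/{{ item.item }}-{{ idx }}.priv.asc"
    force: true
    backup: true
    mode: "0600"
  # … unchanged: loop, loop_control, register …
- name: Import GPG private keys
  no_log: true  # stdin carries the passphrase
  # … unchanged: when …
  ansible.builtin.command:
    argv:
      - gpg
      - --batch
      - --pinentry-mode  # gpg >= 2.1 reads --passphrase-fd only in loopback mode
      - loopback
      # … unchanged: --import, --yes, --passphrase-fd 0, "{{ item.dest }}" …
  # … unchanged: stdin, loop, loop_control …
```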