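---
# Create a gocryptfs vault in the remote user's home, store its decryption
# configuration out of band, mount the vault, and copy + import the user's
# GPG keypair files into the (plaintext view of the) vault.
#
# Expected inputs: `gcfs_password` (the vault passphrase) and `roles_path`
# (controller-side prefix for the GPG key files); `ansible_facts` must be
# gathered. The password never touches the command line: `-init` reads it
# from stdin and the mount reads it from a temporary passfile that is
# removed in `always`.
- name: Copy and import GPG keypairs to remote host
  block:
    - name: Create cipher directory for gocryptfs
      file:
        path: "{{ ansible_facts['user_dir'] }}/.ciphers"
        state: directory

    # gocryptfs -init prints the master key on stdout, so the registered
    # result holds key material: keep it out of the run log.
    - name: Create a gocryptfs vault
      command:
        argv: [/usr/bin/gocryptfs, -init, "{{ ansible_facts['user_dir'] }}/.ciphers"]
        stdin: "{{ gcfs_password }}"
      register: gcfs_masterkey_created
      no_log: true

    # tempfile creates the file with an owner-only mode; the password goes
    # in via lineinfile so it is never an argv element.
    - name: Create temporary file for password
      tempfile:
        prefix: gcfs_passfile
        state: file
      register: tempfile_created

    - name: Put password in temporary file
      lineinfile:
        path: "{{ tempfile_created.path }}"
        line: "{{ gcfs_password }}"
        state: present
      no_log: true
      when: tempfile_created.path is defined

    - name: Create directory for storing gocryptfs decryption configuration files
      file:
        path: "{{ ansible_facts['user_dir'] }}/.fskeys/ciphers"
        state: directory

    # NOTE(review): this stats the vault directory, not gocryptfs.conf;
    # the later copy/mount conditions only learn that the directory exists.
    - name: Get gocryptfs decryption configuration file metadata
      stat:
        path: "{{ ansible_facts['user_dir'] }}/.ciphers"
      when: gcfs_masterkey_created.rc == 0
      register: gcfs_vault

    # `remote_src` is a boolean; the remote path belongs in `src`.
    # The config holds the (encrypted) master key, so keep it owner-only.
    - name: Copy gocryptfs decryption configuration to another directory
      copy:
        remote_src: true
        src: "{{ ansible_facts['user_dir'] }}/.ciphers/gocryptfs.conf"
        dest: "{{ ansible_facts['user_dir'] }}/.fskeys/ciphers/gocryptfs.conf"
        force: true
        backup: true
        mode: "0600"
      register: gocryptfs_conf_copied
      when:
        - gcfs_masterkey_created.rc == 0
        - gcfs_vault.stat.exists | default(false)

    # A registered result is truthy even when the task was skipped, so test
    # the outcome explicitly before deleting the only other copy of the config.
    - name: Remove gocryptfs decryption configuration from source directory
      file:
        path: "{{ ansible_facts['user_dir'] }}/.ciphers/gocryptfs.conf"
        state: absent
      register: gocryptfs_orig_conf_removed
      when:
        - gocryptfs_conf_copied is succeeded
        - gocryptfs_conf_copied is not skipped

    - name: Mount the gocryptfs vault
      ansible.posix.mount:
        src: "{{ ansible_facts['user_dir'] }}/.ciphers"
        path: "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain"
        state: ephemeral
        fstype: fuse./usr/bin/gocryptfs
        opts: "nofail,passfile={{ tempfile_created.path }},config={{ ansible_facts['user_dir'] }}/.fskeys/ciphers/gocryptfs.conf"
      register: gcfs_mounted
      when:
        - gcfs_masterkey_created.rc == 0
        - gcfs_vault.stat.exists | default(false)

    # Everything below writes plaintext key material under the mount point,
    # so it must not run when the mount task was skipped (a skipped result
    # is still truthy) — otherwise the keys would land on the plain filesystem.
    - name: Create directory in decrypted gocryptfs vault
      file:
        path: "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain/gpg"
        state: directory
        mode: "0700"
      when:
        - gcfs_mounted is succeeded
        - gcfs_mounted is not skipped

    # `query('fileglob', ...)` yields full controller-side paths, so `item`
    # is used directly as `src` and only its basename is appended to `dest`.
    - name: Copy GPG keypair
      copy:
        src: "{{ item }}"
        dest: "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain/gpg/{{ item | basename }}"
        force: true
        backup: true
        mode: "0600"
      loop: "{{ query('fileglob', roles_path ~ 'bootstrap/files/gpg/' ~ ansible_facts['user_id'] ~ '/*') }}"
      register: gpgkeys_copied
      when:
        - gcfs_mounted is succeeded
        - gcfs_mounted is not skipped

    # Runs as the connecting user, not via become: a FUSE mount is readable
    # only by the user who mounted it (unless mounted with allow_other), and
    # the keys are meant for that user's keyring rather than root's.
    - name: Import GPG keypair
      command:
        argv: [gpg, --import, "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain/gpg/{{ item | basename }}"]
      loop: "{{ query('fileglob', roles_path ~ 'bootstrap/files/gpg/' ~ ansible_facts['user_id'] ~ '/*') }}"
      register: gpgkeys_imported
      when:
        - gpgkeys_copied is succeeded
        - gpgkeys_copied is not skipped
        - gcfs_mounted is succeeded
        - gcfs_mounted is not skipped

    # @TODO create handler that sends copy of gcfs_masterkey_created somehow
    # (its stdout holds the master key; it is registered with no_log above).

  # Cleanup runs even if a task above failed: the vault is unmounted and the
  # plaintext passfile is deleted. `state: unmounted` is a no-op when the
  # path is not currently a mount point.
  always:
    - name: Unmount the gocryptfs vault
      ansible.posix.mount:
        path: "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain"
        state: unmounted
      register: gcfs_unmounted
      when:
        - gcfs_mounted is defined
        - gcfs_mounted is not skipped

    # - name: Unmount the gocryptfs vault
    #   command:
    #     argv: [fusermount, -u, "{{ ansible_facts['user_dir'] }}/.mnt/ciphers.plain"]
    #   when: gpgkeys_copied and gcfs_mounted

    - name: Remove temporary password file
      file:
        path: "{{ tempfile_created.path }}"
        state: absent
      when:
        - tempfile_created is defined
        - tempfile_created.path is defined

  # NOTE(review): the original ended with `register: gpg_keypair_copy` at block
  # level; `register` is a task attribute and is not accepted on a block, so it
  # was dropped. Use the per-task registered results (e.g. gpgkeys_imported)
  # from elsewhere in the play instead.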