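---
# 'preferred_signing_key' -> 'gpg_preferred_signing'
# 'gpg_or_ssh_git_signing' -> 'git_signing_key_type'
#
# Installs git, sets the global git identity and configures a commit-signing
# key (a GPG key id or an SSH public key file), selected by
# git_signing_key_type.
#
# NOTE(review): every "Configure ... signing key" task registers
# selected_signing_key. Ansible also registers a result for skipped tasks, so
# after this file has run the variable holds the result of the LAST such task,
# which may be a skipped one. Confirm that nothing later relies on it.

- name: Install git package
  ansible.builtin.package:
    name: git
    # NOTE(review): 'latest' upgrades git on every run; use 'present' if an
    # unplanned upgrade of the signing toolchain is not wanted.
    state: latest

- name: Configure git name and email
  block:
    - name: Configure git name
      community.general.git_config:
        name: user.name
        scope: global
        state: present
        value: "{{ git_config_name }}"

    - name: Configure git email
      community.general.git_config:
        name: user.email
        scope: global
        state: present
        value: "{{ git_config_email }}"

- name: Configure git signing GPG key
  when: git_signing_key_type == "gpg"
  block:
    # '| int' keeps the comparison and the index working when the variable
    # arrives as a string (for example from --extra-vars).
    - name: Configure specified git signing GPG key
      when: preferred_signing_key | int > -1
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        value: "{{ gpg_origin_private_keyids[preferred_signing_key | int] }}"
      register: selected_signing_key

    # A random pick is not idempotent: a later run may select another key.
    - name: Configure random git signing GPG key
      when: preferred_signing_key | int <= -1
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        value: "{{ gpg_origin_private_keyids | random }}"
      register: selected_signing_key

- name: Configure git signing SSH key
  when: git_signing_key_type == "ssh"
  block:
    # The copy tasks below fail if ~/.ssh is missing; private keys belong in a
    # directory that only the owner can read.
    - name: Ensure the SSH directory exists
      ansible.builtin.file:
        path: "{{ ansible_facts['user_dir'] }}/.ssh"
        state: directory
        mode: "0700"

    - name: Acquire SSH key-pairs from other system
      when: not files_mode
      block:
        # The private key is returned in the task result, so no_log keeps it
        # out of console output and logs. It still passes through the control
        # node in ssh_secrets.
        - name: Acquire private SSH keys from other system
          delegate_to: "{{ ssh_keypairs_origin_host }}"
          ansible.builtin.command:
            argv:
              - cat
              - "~/.ssh/{{ item }}.ppk"
          loop: "{{ ssh_origin_keypairs_filenames }}"
          register: ssh_secrets
          changed_when: false
          no_log: true

        - name: Find SSH public keys in other system
          delegate_to: "{{ ssh_keypairs_origin_host }}"
          ansible.builtin.command:
            argv:
              - cat
              - "~/.ssh/{{ item }}.pub"
          loop: "{{ ssh_origin_keypairs_filenames }}"
          register: ssh_nonsecrets
          changed_when: false

        # Each loop item is the whole result of one 'cat'; the key text is in
        # item.stdout and the originating file name in item.item. The command
        # module strips the trailing newline from stdout, so one is put back.
        # copy has no 'state' option, so it is not passed.
        # NOTE(review): backup leaves extra copies of private key material
        # next to the key whenever it changes - confirm that is wanted.
        - name: Create private SSH keys
          ansible.builtin.copy:
            content: "{{ item.stdout }}\n"
            dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ item.item }}.ppk"
            force: true
            backup: true
            mode: "0600"
          loop: "{{ ssh_secrets.results }}"
          register: created_ssh_private_keys
          no_log: true

        - name: Create public SSH keys
          ansible.builtin.copy:
            content: "{{ item.stdout }}\n"
            dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ item.item }}.pub"
            force: true
            backup: true
            mode: "0644"
          loop: "{{ ssh_nonsecrets.results }}"
          loop_control:
            label: "{{ item.item }}"
          register: created_ssh_public_keys

    - name: Acquire SSH key-pairs
      when: files_mode
      block:
        # diff is disabled so that a run with --diff does not print the
        # private key.
        - name: Transfer private SSH keys
          ansible.builtin.copy:
            src: "ssh/{{ ansible_facts['user_id'] }}/{{ item }}.ppk"
            dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ item }}.ppk"
            force: true
            backup: true
            mode: "0600"
          loop: "{{ ssh_origin_keypairs_filenames }}"
          register: created_ssh_private_keys
          diff: false

        - name: Transfer public SSH keys
          ansible.builtin.copy:
            src: "ssh/{{ ansible_facts['user_id'] }}/{{ item }}.pub"
            dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ item }}.pub"
            force: true
            backup: true
            mode: "0644"
          loop: "{{ ssh_origin_keypairs_filenames }}"
          register: created_ssh_public_keys

    # user.signingkey is set to the path of the installed public key. The path
    # is built from ssh_origin_keypairs_filenames rather than from
    # created_ssh_public_keys: that register holds copy result dicts (not a
    # key), and when files_mode is false it is overwritten by the skipped
    # "Transfer public SSH keys" task.
    # NOTE(review): git only treats user.signingkey as an SSH key when
    # gpg.format is 'ssh' - confirm that is configured elsewhere in the role.
    - name: Configure acquired, specified SSH public key as git signing key
      when: preferred_signing_key | int > -1
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        value: "{{ ansible_facts['user_dir'] }}/.ssh/{{ ssh_origin_keypairs_filenames[preferred_signing_key | int] }}.pub"
      register: selected_signing_key

    # A random pick is not idempotent: a later run may select another key.
    - name: Configure acquired, random SSH public key as git signing key
      when: preferred_signing_key | int <= -1
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        value: "{{ ansible_facts['user_dir'] }}/.ssh/{{ ssh_origin_keypairs_filenames | random }}.pub"
      register: selected_signing_key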