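# Variable renames recorded by the author (old -> new):
#   'preferred_gpg_signing_key' -> 'gpg_preferred_signing'
#   'gpg_or_ssh_git_signing'    -> 'git_signing_key_type'
# NOTE(review): the GPG tasks below still read 'preferred_gpg_signing_key',
# while the SSH tasks already use the new-style 'ssh_preferred_signing'.
# Either the first rename is pending or the comment is stale -- confirm
# before touching it, since inventories may define either name.
---
# Installs git, sets the global commit identity and configures a commit-signing
# key, chosen by 'git_signing_key_type' ("gpg" or "ssh").
#
# Variables read here (none are defined in this file; see the @TODOs):
#   git_config_name, git_config_email  values for user.name / user.email
#   git_signing_key_type               "gpg" | "ssh"
#   preferred_gpg_signing_key          index into gpg_origin_private_keyids,
#                                      or -1 (or lower) for an automatic pick
#   gpg_origin_private_keyids          list of GPG key ids
#   files_mode                         true: SSH key-pair is shipped from this
#                                      role's files/ dir; false: it is read
#                                      from ssh_keypairs_origin_host
#   ssh_keypairs_origin_host           host to read SSH key-pairs from
#   ssh_origin_keypairs_paths          key basenames under ~/.ssh on that host,
#                                      without extension
#   ssh_preferred_signing              index into the acquired public keys,
#                                      or -1 (or lower) for an automatic pick

- name: Install git package
  ansible.builtin.package:
    name: git
    # 'latest' upgrades git on every run; switch to 'present' if reproducible
    # runs matter more than always tracking the distro's newest build.
    state: latest

- name: Configure git name and email
  block:
    - name: Configure git name
      community.general.git_config:
        name: user.name
        scope: global
        state: present
        value: "{{ git_config_name }}"

    - name: Configure git email
      community.general.git_config:
        name: user.email
        scope: global
        state: present
        value: "{{ git_config_email }}"

- name: Configure git signing GPG key
  when: git_signing_key_type == "gpg"
  block:
    # Reset gpg.format to git's default in case a previous run of this role
    # switched the host to SSH signing; otherwise user.signingkey below would
    # be interpreted as an SSH key path.
    - name: Use OpenPGP for commit signatures
      community.general.git_config:
        name: gpg.format
        scope: global
        state: present
        value: openpgp

    - name: Configure specified git signing GPG key
      when: preferred_gpg_signing_key > -1
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        value: "{{ gpg_origin_private_keyids[preferred_gpg_signing_key] }}"

    - name: Configure random git signing GPG key
      when: preferred_gpg_signing_key <= -1
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        # Seeded with the host name so the same host always gets the same key;
        # an unseeded 'random' rewrote user.signingkey on every run.
        value: "{{ gpg_origin_private_keyids | random(seed=inventory_hostname) }}"
      register: randomized_gpg_key_preference

- name: Configure git signing SSH key
  when: git_signing_key_type == "ssh"
  block:
    - name: Acquire SSH key-pairs from other system
      when: not files_mode
      block:
        # slurp is used instead of 'command: cat ~/.ssh/"{{ item }}.ppk"':
        # the command module runs without a shell, so '~' is never expanded,
        # and the inner double quotes were part of the plain YAML scalar and
        # ended up literally in the path. slurp expands '~' itself and returns
        # the file base64-encoded. 'no_log' keeps the private key material out
        # of verbose output and callback/log plugins.
        - name: Acquire private SSH keys from other system
          delegate_to: "{{ ssh_keypairs_origin_host }}"  # @TODO variable needs declaration/definition
          ansible.builtin.slurp:
            src: "~/.ssh/{{ item }}.ppk"
          loop: "{{ ssh_origin_keypairs_paths }}"  # @TODO variable needs declaration/definition -- basenames without extension; private (.ppk) and public (.pub) key share a basename
          register: ssh_secrets
          no_log: true

        - name: Find SSH public keys in other system
          delegate_to: "{{ ssh_keypairs_origin_host }}"  # @TODO variable needs declaration/definition
          ansible.builtin.slurp:
            src: "~/.ssh/{{ item }}.pub"
          loop: "{{ ssh_origin_keypairs_paths }}"  # @TODO variable needs declaration/definition
          loop_control:
            label: "{{ item }}"
          register: ssh_nonsecrets

        # Each slurp result is written to its own file named after the basename
        # it was looped over (item.item). Writing every result to one fixed
        # 'id_ed25519_git' path, as before, left only the last key on disk and
        # made the index-based selection below meaningless. With a single
        # basename of 'id_ed25519_git' the destination is unchanged.
        # 'content' must be the decoded file body; the bare result dict was
        # being written into the key file. ansible.builtin.copy has no 'state'
        # parameter, so it is dropped here.
        - name: Create private SSH keys
          ansible.builtin.copy:
            content: "{{ item.content | b64decode }}"
            dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ item.item }}.ppk"
            force: true
            backup: true
            mode: "0600"
          loop: "{{ ssh_secrets.results }}"
          register: created_ssh_private_keys
          no_log: true

        - name: Create public SSH keys
          ansible.builtin.copy:
            content: "{{ item.content | b64decode }}"
            dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ item.item }}.pub"
            force: true
            backup: true
            mode: "0644"
          loop: "{{ ssh_nonsecrets.results }}"
          loop_control:
            label: "{{ item.item }}"
          register: created_ssh_public_keys

    - name: Acquire SSH key-pairs
      when: files_mode
      block:
        # A private key shipped from files/ should be ansible-vault encrypted
        # at rest in the repository; copy decrypts vaulted 'src' files by
        # default ('decrypt: true'). 'no_log' stops diff/verbose output from
        # printing the key.
        - name: Transfer private SSH keys
          ansible.builtin.copy:
            src: files/all/ssh/id_ed25519_git.ppk  # @TODO change path if and when moved into lockdown role task file and create corresponding file in lockdown role files dir
            dest: "{{ ansible_facts['user_dir'] }}/.ssh/id_ed25519_git.ppk"
            force: true
            backup: true
            mode: "0600"
          register: created_ssh_private_key
          no_log: true

        - name: Transfer public SSH keys
          ansible.builtin.copy:
            src: files/all/ssh/id_ed25519_git.pub  # @TODO change path if and when moved into lockdown role task file and create corresponding file in lockdown role files dir
            dest: "{{ ansible_facts['user_dir'] }}/.ssh/id_ed25519_git.pub"
            force: true
            backup: true
            mode: "0644"
          register: created_ssh_public_key

    # Without gpg.format=ssh, git treats user.signingkey as a GPG key id and
    # signing fails even though the path below is correct.
    # NOTE(review): '.ppk' usually denotes PuTTY's key format, which OpenSSH
    # (and therefore git's SSH signing) does not read -- confirm these files
    # are OpenSSH-format despite the extension.
    - name: Use SSH keys for commit signatures
      community.general.git_config:
        name: gpg.format
        scope: global
        state: present
        value: ssh

    - name: Configure acquired, specified SSH public key as git signing key
      when: ssh_preferred_signing > -1 and not files_mode
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        # copy returns the written path as 'dest'; the whole result dict was
        # previously being written into the gitconfig.
        value: "{{ created_ssh_public_keys.results[ssh_preferred_signing].dest }}"  # @TODO ssh_preferred_signing needs declaration/definition

    - name: Configure acquired, random SSH public key as git signing key
      when: ssh_preferred_signing <= -1 and not files_mode
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        # Seeded pick so the choice is stable across runs (see the GPG task).
        value: "{{ (created_ssh_public_keys.results | random(seed=inventory_hostname)).dest }}"  # @TODO ssh_preferred_signing needs declaration/definition
      register: randomized_ssh_pubkey_preference

    - name: Configure transferred SSH public key as git signing key
      # In files_mode exactly one key-pair is transferred, so the index is
      # irrelevant. The previous 'ssh_preferred_signing <= -1 and files_mode'
      # condition left a files_mode host with an index >= 0 without any
      # signing key at all.
      when: files_mode
      community.general.git_config:
        name: user.signingkey
        scope: global
        state: present
        value: "{{ created_ssh_public_key.dest }}"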