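---
# Provision a gocryptfs vault under the account's home directory, copy the
# account's GPG private key into the *decrypted* view of that vault, and
# import it into a keyring. The plaintext mount and the temporary password
# file are torn down in the `always:` section so they do not outlive the
# block even when a task in the middle fails.
#
# Required vars: homedir, gcfs_password, accts.username
#
# Defects fixed relative to the previous version:
#   - the temporary passfile was created but never written, so the mount was
#     handed an empty password;
#   - `remote_src` was given a path instead of a boolean (it is a flag; the
#     path belongs in `src`);
#   - the private key was written to `.mnt/secrets/...`, which is NOT the
#     mounted plaintext view (`.mnt/plains`), i.e. it landed on disk in clear;
#   - `when: gcfs_mounted` / `when: gpgkeys_copied` were always true because a
#     registered result is a non-empty dict even for a skipped task;
#   - `register:` is not a valid attribute on a `block` and fails parsing;
#   - `state: mounted` persisted an fstab entry whose passfile is a temp file;
#   - the -init output (which includes the master key) was logged.
- name: Copy and import GPG keypairs to remote host
  tags: ['copy_gpg']
  block:
    - name: Create cipher directory for gocryptfs
      file:
        path: "{{ homedir }}/.ciphers"
        state: directory
        mode: "0700"

    - name: Create temporary file for password
      tempfile:
        prefix: gcfs_passfile
        state: file
      register: tempfile_created

    # The passfile is consumed by both -init and the mount below; it is
    # removed in `always:`.
    - name: Write gocryptfs password to temporary passfile
      copy:
        content: "{{ gcfs_password }}"
        dest: "{{ tempfile_created.path }}"
        mode: "0600"
      no_log: true

    # `creates` makes this idempotent: gocryptfs -init refuses a non-empty
    # directory, so a second run must skip it.
    # `no_log` because -init prints the master key on stdout, which would
    # otherwise end up in the play output and any log aggregation.
    - name: Create a gocryptfs vault
      command:
        argv:
          - /usr/bin/gocryptfs
          - -init
          - -passfile
          - "{{ tempfile_created.path }}"
          - "{{ homedir }}/.ciphers"
        creates: "{{ homedir }}/.ciphers/gocryptfs.conf"
      register: gcfs_masterkey_created
      no_log: true

    # @TODO: Create handler that stores the master key from
    # gcfs_masterkey_created.stdout inside the decrypted vault.

    - name: Create directory for storing gocryptfs decryption configuration files
      file:
        path: "{{ homedir }}/.fskeys/ciphers"
        state: directory
        mode: "0700"

    - name: Get gocryptfs decryption configuration file metadata
      stat:
        path: "{{ homedir }}/.ciphers/gocryptfs.conf"
      register: gcfs_vault

    # gocryptfs.conf holds the (password-wrapped) master key; keep it 0600.
    - name: Copy gocryptfs decryption configuration to this directory
      copy:
        src: "{{ homedir }}/.ciphers/gocryptfs.conf"
        remote_src: true
        dest: "{{ homedir }}/.fskeys/ciphers/gocryptfs.conf"
        mode: "0600"
        force: true
        backup: true
      when: gcfs_vault.stat.exists

    - name: Create directory in which to mount decrypted gocryptfs vault
      file:
        path: "{{ homedir }}/.mnt/plains"
        state: directory
        mode: "0700"

    # `state: ephemeral` (ansible.posix >= 1.4.0) mounts without touching
    # /etc/fstab, so no persistent entry references the temporary passfile.
    - name: Mount the gocryptfs vault
      ansible.posix.mount:
        src: "{{ homedir }}/.ciphers"
        path: "{{ homedir }}/.mnt/plains"
        state: ephemeral
        fstype: fuse./usr/bin/gocryptfs
        opts: "passfile={{ tempfile_created.path }},config={{ homedir }}/.fskeys/ciphers/gocryptfs.conf"
      register: gcfs_mounted
      when: gcfs_vault.stat.exists

    - name: Create directory in decrypted gocryptfs vault
      file:
        path: "{{ homedir }}/.mnt/plains/gpg"
        state: directory
        mode: "0700"
      when:
        - gcfs_mounted is succeeded
        - gcfs_mounted is not skipped

    # Destination is inside the mounted plaintext view, so the key only ever
    # hits disk in encrypted form. `no_log` keeps the key out of --diff output.
    - name: Copy GPG keypair
      copy:
        src: "gpg/{{ accts.username }}/main.priv.asc"
        dest: "{{ homedir }}/.mnt/plains/gpg/main.priv.asc"
        mode: "0600"
        force: true
        backup: true
      register: gpgkeys_copied
      no_log: true
      when:
        - gcfs_mounted is succeeded
        - gcfs_mounted is not skipped

    # NOTE(review): `become` without `become_user` runs gpg as root, so the key
    # is imported into root's keyring rather than the account's. A FUSE mount
    # is by default readable only by the user who mounted it (root included,
    # unless allow_root/allow_other), so if the mount task above runs as the
    # account, this step may fail with EACCES. Confirm the intended keyring and
    # set `become_user` accordingly.
    - name: Import GPG keypair
      become: true
      become_method: sudo
      command:
        argv:
          - gpg
          - --batch
          - --import
          - "{{ homedir }}/.mnt/plains/gpg/main.priv.asc"
      register: gpgkeys_imported
      when:
        - gpgkeys_copied is succeeded
        - gpgkeys_copied is not skipped

  always:
    # Unmount whether or not the import succeeded, so the plaintext view is
    # never left exposed. Only attempt it if the mount actually happened.
    - name: Unmount the gocryptfs vault
      command:
        argv: [fusermount, -u, "{{ homedir }}/.mnt/plains"]
      when:
        - gcfs_mounted is defined
        - gcfs_mounted is succeeded
        - gcfs_mounted is not skipped

    - name: Remove temporary password file
      file:
        path: "{{ tempfile_created.path }}"
        state: absent
      when:
        - tempfile_created is defined
        - tempfile_created.path is defined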