xenobyte/sukaato-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8a77110c0b0353fed5325294692a2de0867b1210
sukaato-ansible/.ansible/roles/lockdown/tasks/git.yml

129 lines
4.2 KiB
YAML
Raw Blame History

# 'preferred_signing_key' -> 'gpg_preferred_signing'
# 'gpg_or_ssh_git_signing' -> 'git_signing_key_type'
- name: Install git package
ansible.builtin.package:
name: git
state: latest
- name: Configure git name and email
block:
- name: Configure git name
community.general.git_config:
name: user.name
scope: global
state: present
value: "{{ git_config_name }}"
- name: Configure git email
community.general.git_config:
name: user.email
scope: global
state: present
value: "{{ git_config_email }}"
- name: Configure git signing GPG key
when: git_signing_key_type == "gpg"
block:
- name: Configure specified git signing GPG key
when: preferred_signing_key > -1
community.general.git_config:
name: user.signingkey
scope: global
state: present
value: "{{ gpg_origin_private_keyids[preferred_signing_key] }}"
register: selected_signing_key
- name: Configure random git signing GPG key
when: preferred_signing_key <= -1
community.general.git_config:
name: user.signingkey
scope: global
state: present
value: "{{ gpg_origin_private_keyids | random }}"
register: selected_signing_key
- name: Configure git signing SSH key
when: git_signing_key_type == "ssh"
block:
- name: Acquire SSH key-pairs from other system
when: not files_mode
block:
- name: Acquire private SSH keys from other system
delegate_to: "{{ ssh_keypairs_origin_host }}"
ansible.builtin.command:
argv:
- cat
- "~/.ssh/{{ item }}.ppk"
loop: "{{ ssh_origin_keypairs_filenames }}"
register: ssh_secrets
- name: Find SSH public keys in other system
delegate_to: "{{ ssh_keypairs_origin_host }}"
ansible.builtin.command:
argv:
- cat
- "~/.ssh/{{ item }}.pub"
loop: "{{ ssh_origin_keypairs_filenames }}"
register: ssh_nonsecrets
- name: Create private SSH keys
ansible.builtin.copy:
content: "{{ item }}"
dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ ssh_origin_keypairs_filenames[idx] }}.ppk"
force: yes
backup: yes
mode: "0600"
state: present
loop: "{{ ssh_secrets.results }}"
loop_control:
index_var: idx
register: created_ssh_private_keys
- name: Create public SSH keys
ansible.builtin.copy:
content: "{{ item }}"
dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ ssh_origin_keypairs_filenames[idx] }}.pub"
force: yes
backup: yes
mode: "0644"
state: present
loop: "{{ ssh_nonsecrets.results }}"
loop_control:
index_var: idx
register: created_ssh_public_keys
- name: Acquire SSH key-pairs
when: files_mode
block:
- name: Transfer private SSH keys
ansible.builtin.copy:
src: ssh/{{ item }}.ppk
dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ item }}.ppk"
force: yes
backup: yes
mode: "0600"
state: present
loop: "{{ ssh_origin_keypairs_filenames }}"
loop_control:
index_var: idx
register: created_ssh_private_keys
- name: Transfer public SSH keys
ansible.builtin.copy:
src: ssh/{{ item }}.pub
dest: "{{ ansible_facts['user_dir'] }}/.ssh/{{ item }}.pub"
force: yes
backup: yes
mode: "0644"
state: present
loop: "{{ ssh_origin_keypairs_filenames }}"
loop_control:
index_var: idx
register: created_ssh_public_keys
- name: Configure acquired, specified SSH public key as git signing key
when: preferred_signing_key > -1
community.general.git_config:
name: user.signingkey
scope: global
state: present
value: "{{ created_ssh_public_keys.results[preferred_signing_key] }}"
register: selected_signing_key
- name: Configure acquired, random SSH public key as git signing key
when: preferred_signing_key <= -1
community.general.git_config:
name: user.signingkey
scope: global
state: present
value: "{{ created_ssh_public_keys.results | random }}"
register: selected_signing_key
Reference in New Issue View Git Blame Copy Permalink