72 lines
2.3 KiB
YAML
72 lines
2.3 KiB
YAML
|
---
|
||
|
|
version: '3'
|
||
|
|
|
||
|
|
tasks:
|
||
|
|
conf:
|
||
|
|
vars:
|
||
|
|
GPG_CONFIG: |
|
||
|
|
# Source: https://raw.githubusercontent.com/drduh/config/master/gpg.conf
|
||
|
|
personal-cipher-preferences AES256 AES192 AES
|
||
|
|
personal-digest-preferences SHA512 SHA384 SHA256
|
||
|
|
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
|
||
|
|
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
|
||
|
|
cert-digest-algo SHA512
|
||
|
|
s2k-digest-algo SHA512
|
||
|
|
s2k-cipher-algo AES256
|
||
|
|
charset utf-8
|
||
|
|
fixed-list-mode
|
||
|
|
no-comments
|
||
|
|
no-emit-version
|
||
|
|
keyid-format 0xlong
|
||
|
|
list-options show-uid-validity
|
||
|
|
verify-options show-uid-validity
|
||
|
|
with-fingerprint
|
||
|
|
require-cross-certification
|
||
|
|
no-symkey-cache
|
||
|
|
use-agent
|
||
|
|
throw-keyids
|
||
|
|
cmds:
|
||
|
|
- mkdir -p "{{if .CONFIG_DIR_PATH}}{{.CONFIG_DIR_PATH}}{{else}}$HOME/.gnupg{{end}}"
|
||
|
|
- echo '{{.GPG_CONFIG}}' > "{{if .CONFIG_DIR_PATH}}{{.CONFIG_DIR_PATH}}{{else}}$HOME/.gnupg{{end}}/gpg.conf"
|
||
|
|
status:
|
||
|
|
- '[ -n "$YUBIKEY_BACKUP" ]'
|
||
|
|
|
||
|
|
conf:agent:
|
||
|
|
deps:
|
||
|
|
- :install:software:pinentry
|
||
|
|
vars:
|
||
|
|
GPG_AGENT_CONFIG: |
|
||
|
|
enable-ssh-support
|
||
|
|
default-cache-ttl 60
|
||
|
|
max-cache-ttl 120
|
||
|
|
pinentry-program {{if (eq OS "linux")}}/usr/bin/pinentry-gnome3{{else}}/usr/local/bin/pinentry-mac{{end}}
|
||
|
|
PROFILE_STRING: |
|
||
|
|
### GPG SSH Settings ###
|
||
|
|
export GPG_TTY="$(tty)"
|
||
|
|
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
|
||
|
|
gpgconf --launch gpg-agent
|
||
|
|
cmds:
|
||
|
|
- mkdir -p "{{if .CONFIG_DIR_PATH}}{{.CONFIG_DIR_PATH}}{{else}}$HOME/.gnupg{{end}}"
|
||
|
|
- echo '{{.GPG_AGENT_CONFIG}}' > "{{if .CONFIG_DIR_PATH}}{{.CONFIG_DIR_PATH}}{{else}}$HOME/.gnupg{{end}}/gpg-agent.conf"
|
||
|
|
- task: :install:profile:add
|
||
|
|
vars:
|
||
|
|
PROFILE_STRING: '{{.PROFILE_STRING}}'
|
||
|
|
status:
|
||
|
|
- '[ -n "$YUBIKEY_BACKUP" ]'
|
||
|
|
|
||
|
|
donothing: 'true'
|
||
|
|
|
||
|
|
public:import:file:
|
||
|
|
todo: Polish
|
||
|
|
cmds:
|
||
|
|
- gpg --import /mnt/gpg-public/gpg-$KEYID*.asc
|
||
|
|
- echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
|
||
|
|
status:
|
||
|
|
- '[ ! -f /mnt/gpg-public ]'
|
||
|
|
|
||
|
|
public:import:server:
|
||
|
|
todo: Add prompt for KEYID
|
||
|
|
cmds:
|
||
|
|
- gpg --recv $KEYID
|
||
|
|
- echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
|