--- version: '3' tasks: conf: vars: GPG_CONFIG: | # Source: https://raw.githubusercontent.com/drduh/config/master/gpg.conf personal-cipher-preferences AES256 AES192 AES personal-digest-preferences SHA512 SHA384 SHA256 personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed cert-digest-algo SHA512 s2k-digest-algo SHA512 s2k-cipher-algo AES256 charset utf-8 fixed-list-mode no-comments no-emit-version keyid-format 0xlong list-options show-uid-validity verify-options show-uid-validity with-fingerprint require-cross-certification no-symkey-cache use-agent throw-keyids cmds: - mkdir -p "{{if .CONFIG_DIR_PATH}}{{.CONFIG_DIR_PATH}}{{else}}$HOME/.gnupg{{end}}" - echo '{{.GPG_CONFIG}}' > "{{if .CONFIG_DIR_PATH}}{{.CONFIG_DIR_PATH}}{{else}}$HOME/.gnupg{{end}}/gpg.conf" status: - '[ -n "$YUBIKEY_BACKUP" ]' conf:agent: deps: - :install:software:pinentry vars: GPG_AGENT_CONFIG: | enable-ssh-support default-cache-ttl 60 max-cache-ttl 120 pinentry-program {{if (eq OS "linux")}}/usr/bin/pinentry-gnome3{{else}}/usr/local/bin/pinentry-mac{{end}} PROFILE_STRING: | ### GPG SSH Settings ### export GPG_TTY="$(tty)" export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" gpgconf --launch gpg-agent cmds: - mkdir -p "{{if .CONFIG_DIR_PATH}}{{.CONFIG_DIR_PATH}}{{else}}$HOME/.gnupg{{end}}" - echo '{{.GPG_AGENT_CONFIG}}' > "{{if .CONFIG_DIR_PATH}}{{.CONFIG_DIR_PATH}}{{else}}$HOME/.gnupg{{end}}/gpg-agent.conf" - task: :install:profile:add vars: PROFILE_STRING: '{{.PROFILE_STRING}}' status: - '[ -n "$YUBIKEY_BACKUP" ]' donothing: 'true' public:import:file: todo: Polish cmds: - gpg --import /mnt/gpg-public/gpg-$KEYID*.asc - echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID" status: - '[ ! -f /mnt/gpg-public ]' public:import:server: todo: Add prompt for KEYID cmds: - gpg --recv $KEYID - echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"