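# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# Configures dirmngr and gpgconf for keyserver access through a proxy
# (optionally Tor or Whonix) and replaces /usr/bin/dirmngr with a symlink to
# the wrapper script /usr/local/bin/proxy_dirmngr.bash.

- name: "DEBUG: proxy dirmngr.yml"
  debug:
    verbosity: 1
    msg: "DEBUG: Including proxy dirmngr.yml"

# NOTE(review): the test looks at /etc/gnupg but the directory that gets
# created lives under USR_LOCAL, so this task never makes /etc/gnupg itself
# exist. Left as written; the next task covers the directories used below.
- name: /etc/gnupg/
  shell: |
    [ -d "/etc/gnupg" ] || mkdir -p "{{USR_LOCAL}}/etc/gnupg"

# lineinfile/blockinfile with create=true create the file but not its parent
# directory, so make sure both configuration directories are present first.
- name: /etc/gnupg/ and /etc/dirmngr/ exist
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - /etc/gnupg
    - /etc/dirmngr

# Puts an editor modeline at the top of dirmngr.conf, creating the file if
# needed. Later tasks use create: false and rely on this one.
- name: /etc/dirmngr/dirmngr.conf
  lineinfile:
    dest: "/etc/dirmngr/dirmngr.conf"
    insertbefore: BOF
    # Quoted so the YAML parser cannot retype the octal value; a plain
    # configuration file has no use for the execute bits.
    mode: "0644"
    owner: "{{BOX_ROOT_USER}}"
    group: "{{BOX_ROOT_GROUP}}"
    create: true
    regexp: "# -.- mode: conf; tab-width: 0; coding: utf-8-unix -.-"
    line: "# -*- mode: conf; tab-width: 0; coding: utf-8-unix -*-"
  when:
    - not ansible_check_mode
  # FixMe: errors are ignored here, so a failure to create the file only
  # shows up in the later tasks that expect it to exist.
  ignore_errors: true

# Adds or removes individual "key value" options in gpgconf.conf; each item
# carries its own state.
- name: /etc/gnupg/gpgconf.conf
  lineinfile:
    dest: "/etc/gnupg/gpgconf.conf"
    # insertbefore: BOF
    mode: "0644"
    owner: "{{BOX_ROOT_USER}}"
    group: "{{BOX_ROOT_GROUP}}"
    create: true
    state: "{{item.state}}"
    regexp: "^#*{{item.key}} .*"
    line: "{{item.key}} {{item.val}}"
  when:
    - not ansible_check_mode
  with_items:
    - key: keyserver-options
      val: no-try-dns-srv
      # Debian! gpg: keyserver option 'no-try-dns-srv' is unknown
      # gentoo unknown - dirmngr ?
      state: absent
    - key: debug-level
      val: "4"
      # not on gentoo
      state: "{{ 'present' if ansible_distribution != 'Gentoo' else 'absent' }}"
    # - key: connect-timeout
    #   val: "20"
    #   value: ""
    #   state: present

# Base dirmngr settings.
# NOTE(review): verbose + debug-all produce detailed logs of keyserver
# requests; on a Tor/Whonix host confirm that level of logging is wanted
# outside of troubleshooting.
- name: /etc/dirmngr/dirmngr.conf
  blockinfile:
    dest: "/etc/dirmngr/dirmngr.conf"
    create: false
    marker: "# {mark} ANSIBLE MANAGED BLOCK proxy dirmngr.yml head"
    block: |
      verbose
      debug-all
      standard-resolver
      disable-ldap
  when:
    - not ansible_check_mode

- name: /etc/dirmngr/dirmngr.conf
  blockinfile:
    dest: /etc/dirmngr/dirmngr.conf
    create: true
    marker: "# {mark} ANSIBLE MANAGED BLOCK proxy dirmngr.yml ipv6"
    block: |
      disable-ipv6
  when:
    - not ansible_check_mode
    - BASE_IPV6_DISABLE == 1

# Keyserver list and CA certificates.
# This block used to share the "head" marker with the base settings above;
# blockinfile identifies a block by its marker, so each task replaced the
# other's content on every run and the base settings (including disable-ldap)
# never survived. It now has its own marker. On hosts configured earlier the
# old "head" block is rewritten with the base settings on the next run.
# NOTE(review): hkp-cacert is only consulted for TLS (hkps) connections; with
# the hkp:// scheme used here lookups are unencrypted and the certificates
# are not used. Confirm which scheme the servers are meant to be reached by.
- name: /etc/dirmngr/dirmngr.conf
  blockinfile:
    dest: "/etc/dirmngr/dirmngr.conf"
    create: false
    marker: "# {mark} ANSIBLE MANAGED BLOCK proxy dirmngr.yml keyservers"
    block: |
      {% for elt in PROXY_GNUPG_SERVERS %}
      keyserver hkp://{{ elt }}
      {% endfor %}
      {% for elt in PROXY_GNUPG_CERTS %}
      hkp-cacert {{ elt }}
      {% endfor %}
  when:
    - not ansible_check_mode

# Creates the log file once; "creates" skips the task when it already exists.
# NOTE(review): the file gets whatever mode the umask yields. With debug-all
# enabled above, check whether it should be readable by other users.
- name: /var/log/dirmngr.log
  shell: |
    [ -f /var/log/dirmngr.log ] || touch /var/log/dirmngr.log
    chown root /var/log/dirmngr.log
  args:
    creates: /var/log/dirmngr.log

# Keeps a one-time copy of dirmngr.conf as it was before the Tor block below
# is added. "creates" lets Ansible skip the task once the copy exists.
- name: /etc/dirmngr/dirmngr.conf.tor
  shell: |
    [ -e /etc/dirmngr/dirmngr.conf.tor ] || \
      cp -p /etc/dirmngr/dirmngr.conf /etc/dirmngr/dirmngr.conf.tor
  args:
    creates: /etc/dirmngr/dirmngr.conf.tor
  when:
    - PROXY_MODE == 'tor'

- name: /etc/dirmngr/dirmngr.conf use-tor
  blockinfile:
    dest: "/etc/dirmngr/dirmngr.conf"
    create: true
    marker: "# {mark} ANSIBLE MANAGED BLOCK tor"
    block: |
      use-tor
      # https://keys.openpgp.org/about/usage
      keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
  when:
    - not ansible_check_mode
    - PROXY_MODE == 'tor'

# Same one-time copy for Whonix mode.
- name: /etc/dirmngr/dirmngr.conf.whonix
  shell: |
    [ -e /etc/dirmngr/dirmngr.conf.whonix ] || \
      cp -p /etc/dirmngr/dirmngr.conf /etc/dirmngr/dirmngr.conf.whonix
  args:
    creates: /etc/dirmngr/dirmngr.conf.whonix
  when:
    - PROXY_MODE == 'whonix'

# This is not enough:
# Because of "creates", this task only runs while dirmngr.conf does not exist
# yet, which the tasks above normally prevent.
- name: /usr/bin/dirmngr.bin
  # FixMe: blockinfile
  shell: |
    # /usr/bin/dirmngr.bin --dump-options >> /tmp/$$.out
    [ -d /etc/dirmngr ] || mkdir /etc/dirmngr
    [ -f /etc/dirmngr/dirmngr.conf ] || touch /etc/dirmngr/dirmngr.conf
    # A stray "]" after the file name made grep treat it as a second file to
    # search; removed so the exit status reflects the real match result.
    grep -q disable-ipv6 /etc/dirmngr/dirmngr.conf || \
      echo disable-ipv6 >> /etc/dirmngr/dirmngr.conf
  args:
    creates: /etc/dirmngr/dirmngr.conf
  when:
    - not ansible_check_mode
    - BASE_IPV6_DISABLE == 1

# Moves the real dirmngr binary to dirmngr.bin and points /usr/bin/dirmngr at
# the wrapper script. The "file ... ELF" branch re-does the move when a real
# binary is back in place at /usr/bin/dirmngr.
# NOTE(review): from here on every dirmngr call runs the wrapper, so the
# script is as sensitive as the binary it replaces. chmod below sets the mode
# only; verify wherever the script is installed that it and its directory are
# owned by root and not writable by group or others.
- block:
    - name: /usr/bin/dirmngr.bin
      shell: |
        [ -f /usr/local/bin/proxy_dirmngr.bash ] || exit 1
        # This is recent
        cd /usr/bin/
        if [ ! -f dirmngr.bin ] ; then
            mv dirmngr dirmngr.bin
        elif file dirmngr | grep -q ELF ; then
            mv dirmngr dirmngr.bin
        fi
        [ -h dirmngr ] || ln -s /usr/local/bin/proxy_dirmngr.bash dirmngr
        chmod 755 dirmngr /usr/local/bin/proxy_dirmngr.bash
        [ -x /usr/local/bin/proxy_dirmngr.bash ] || exit 2
  when:
    # the --keyserver may be required even with ipv6
    # ("true or ..." makes this condition always true, whatever the
    # BASE_IPV6_DISABLE value is)
    - true or BASE_IPV6_DISABLE == 1
    - not ansible_check_mode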