---
##
## Config: GPG Part
##

- name: Create GPG directory
  file:
    path: /root/.gnupg
    state: directory
    mode: '0700'

- name: Send GPG passphrase
  copy:
    src: "{{duplicity_gpg_passphrase}}"
    dest: /etc/glenux.duplicity/gnupg_backup.passphrase
    mode: "0600"

- name: Send GPG secret key
  copy:
    src: "{{duplicity_gpg_key}}"
    dest: /etc/glenux.duplicity/gnupg_backup.key
    mode: "0600"

- name: Send GPG public key
  copy:
    src: "{{duplicity_gpg_pubkey}}"
    dest: /etc/glenux.duplicity/gnupg_backup.pubkey
    mode: "0600"

- name: Import GPG key
  command: "gpg --batch
                --passphrase-file /etc/glenux.duplicity/gnupg_backup.passphrase
                --pinentry-mode loopback
                --import /etc/glenux.duplicity/gnupg_backup.key"

- name: De-armor GPG key
  command: "gpg -no-tty
                --dearmor
                /etc/glenux.duplicity/gnupg_backup.key"

- name: Set GPG key trustlevel
  shell: "gpg --with-fingerprint
              --no-default-keyring
              --secret-keyring /etc/glenux.duplicity/gnupg_backup.key.gpg
              --list-secret-keys
              --with-colons
         | sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\\1:6:/p'
         | gpg --import-ownertrust"
#