feat: add 1Password installation and configuration tasks

2025-03-11 15:25:02 +01:00 · 2025-03-11 15:25:02 +01:00 · 3b9791e648
commit 3b9791e648
parent bb944b21a9
2 changed files with 60 additions and 0 deletions
--- a/config/ansible/tasks/global/global.yml
+++ b/config/ansible/tasks/global/global.yml
@ -26,6 +26,10 @@
  ansible.builtin.import_tasks: tasks/global/openssh-server.yml
  become: true

+- name: Include 1Password tasks
+  ansible.builtin.import_tasks: tasks/global/onepassword.yml
+  become: true
+
 - name: Ensure common packages are installed
  ansible.builtin.package:
    name:
--- a/config/ansible/tasks/global/onepassword.yml
+++ b/config/ansible/tasks/global/onepassword.yml
@ -0,0 +1,56 @@
+---
+- name: Install 1Password CLI
+  block:
+    - name: Add 1Password GPG key
+      ansible.builtin.get_url:
+        url: https://downloads.1password.com/linux/keys/1password.asc
+        dest: /tmp/1password.asc
+        mode: '0644'
+
+    - name: Import 1Password GPG key
+      ansible.builtin.shell: cat /tmp/1password.asc | gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg
+      args:
+        creates: /usr/share/keyrings/1password-archive-keyring.gpg
+      become: true
+
+    - name: Add 1Password repository
+      ansible.builtin.apt_repository:
+        repo: deb [arch={{ ansible_architecture }} signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/{{ ansible_architecture }} stable main
+        filename: 1password
+        state: present
+      become: true
+
+    - name: Create debsig policies directory
+      ansible.builtin.file:
+        path: /etc/debsig/policies/AC2D62742012EA22/
+        state: directory
+        mode: '0755'
+      become: true
+
+    - name: Download and install 1Password policy file
+      ansible.builtin.get_url:
+        url: https://downloads.1password.com/linux/debian/debsig/1password.pol
+        dest: /etc/debsig/policies/AC2D62742012EA22/1password.pol
+        mode: '0644'
+      become: true
+
+    - name: Create debsig keyrings directory
+      ansible.builtin.file:
+        path: /usr/share/debsig/keyrings/AC2D62742012EA22
+        state: directory
+        mode: '0755'
+      become: true
+
+    - name: Download and install debsig GPG key
+      ansible.builtin.shell: curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
+      args:
+        creates: /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
+      become: true
+
+    - name: Install 1Password CLI
+      ansible.builtin.apt:
+        name: 1password-cli
+        state: present
+        update_cache: true
+      become: true
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'