---

# @TODO: Can't use file module, since one of the files (GnuPG socket)
#        seems to disappear in middle of operation).
- name: Remove current keyring  # noqa no-changed-when
  # [no-changed-when] Commands should not change things if nothing needs doing
  #   This task is invoked only if user is very specific about requiring to
  #   run the handlers manually as a way to bring the system to consistency
  #   after interrupted runs.
  ansible.builtin.command: "rm -rf /etc/duply/main/gnupg"

- name: Create keyring directory
  ansible.builtin.file:
    path: "/etc/duply/main/gnupg"
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Import private keys  # noqa no-changed-when
  # [no-changed-when] Commands should not change things if nothing needs doing
  #   This task is invoked only if user is very specific about requiring to
  #   run the handlers manually as a way to bring the system to consistency
  #   after interrupted runs.
  ansible.builtin.command: "gpg --no-tty --homedir /etc/duply/main/gnupg --import /etc/duply/main/private_keys.asc"

- name: Import public keys  # noqa no-changed-when
  # [no-changed-when] Commands should not change things if nothing needs doing
  #   This task is invoked only if user is very specific about requiring to
  #   run the handlers manually as a way to bring the system to consistency
  #   after interrupted runs.
  ansible.builtin.command: "gpg --no-tty --homedir /etc/duply/main/gnupg --import /etc/duply/main/public_keys.asc"
  when: backup_additional_encryption_keys | length > 0