From 5112d0d73dc9f7494c9f9d896ee379e247c86b45 Mon Sep 17 00:00:00 2001
From: Fabio Scotto di Santolo
Date: Fri, 27 Mar 2026 14:05:23 +0100
Subject: [PATCH] Add workstation YubiKey support
---
 TODOs.md | 2 --
 ansible/inventory/group_vars/workstation.yml | 12 ++++++++++++
 dotfiles/workstation/.gnupg/gpg-agent.conf | 3 +++
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 dotfiles/workstation/.gnupg/gpg-agent.conf
diff --git a/TODOs.md b/TODOs.md
index 3e1d880..4dbee96 100644
--- a/TODOs.md
+++ b/TODOs.md
@@ -9,6 +9,4 @@
 - [x] installare podman
 - [x] scaricare la posta
 - [x] init mu per la ricerca
-- [ ] aggiungere chiavi gpg nel vault per ripristino dopo reinstallazione
-- [ ] aggiungere chiavi ssh nel vault per ripristino dopo reinstallazione
 - [ ] configurare GNOME
diff --git a/ansible/inventory/group_vars/workstation.yml b/ansible/inventory/group_vars/workstation.yml
index 182bb24..6029712 100644
--- a/ansible/inventory/group_vars/workstation.yml
+++ b/ansible/inventory/group_vars/workstation.yml
@@ -1,5 +1,12 @@
 ---
 profile_packages:
+ - gnupg
+ - gpg-agent
+ - pcscd
+ - yubikey-manager
+ - pinentry-gnome3
+ - openssh-client
+ - libfido2-1
 - meld
 - gufw
 - libreoffice
@@ -52,8 +59,13 @@ workstation_user_directories:
 mode: "0755"
 - path: "{{ user_home }}/.local/bin"
 mode: "0755"
+ - path: "{{ user_home }}/.gnupg"
+ mode: "0700"
 workstation_dotfiles:
+ - src: .gnupg/gpg-agent.conf
+ dest: .gnupg/gpg-agent.conf
+ mode: "0600"
 - src: .gitignore_global
 dest: .gitignore_global
 mode: "0644"
diff --git a/dotfiles/workstation/.gnupg/gpg-agent.conf b/dotfiles/workstation/.gnupg/gpg-agent.conf
new file mode 100644
index 0000000..15ab186
--- /dev/null
+++ b/dotfiles/workstation/.gnupg/gpg-agent.conf
@@ -0,0 +1,3 @@
+pinentry-program /usr/bin/pinentry-gnome3
+default-cache-ttl 600
+max-cache-ttl 7200
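Review bot: The packages added to `profile_packages` in the first hunk of `ansible/inventory/group_vars/workstation.yml` do not include `scdaemon`, the GnuPG component that talks to OpenPGP smart cards. On Debian-family systems (which the package names suggest) it is usually a separate package that `gnupg` and `gpg-agent` do not pull in as a hard dependency, so card operations through gpg may fail on a fresh install even with `pcscd` present. If the YubiKey's OpenPGP applet is meant to be used, add `- scdaemon` next to `- gpg-agent`; if only FIDO2 SSH keys through `libfido2-1` are intended, a short comment above the new entries saying so would explain the list. The list appears to continue past the end of this hunk.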
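Review bot: `default-cache-ttl 600` and `max-cache-ttl 7200` in the new `gpg-agent.conf` only limit how long gpg-agent caches passphrases for on-disk keys. A YubiKey PIN is verified on the card and normally stays unlocked until the token is removed or reset, so these two lines do not bound how long card keys remain usable. I would say so in the file, e.g. `# cache TTLs cover on-disk key passphrases only; a smart-card PIN stays verified on the card until removal`, and rely on the token's touch policy for per-operation confirmation. Separately, if SSH authentication is meant to go through gpg-agent rather than FIDO2 keys, the file would also need `enable-ssh-support`; the commit does not show which path is intended.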