Use pinentry-gnome3 for gpg-agent on Arch

Add gpg-agent.arch.conf with pinentry-gnome3 and without enable-ssh-support (SSH is handled by gnome-keyring on GNOME). Deploy it from profile_desktop_gnome, overriding the common conf that uses pinentry-gtk-2 for Void. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-30 15:39:58 +00:00 · 2026-05-13 10:35:06 +02:00
parent 14c24c299d
commit 56c0335b40
2 changed files with 12 additions and 0 deletions
--- a/ansible/roles/profile_desktop_gnome/tasks/main.yml
+++ b/ansible/roles/profile_desktop_gnome/tasks/main.yml
@@ -17,6 +17,15 @@
    owner: root
    group: root

+- name: Deploy gpg-agent.conf for GNOME (pinentry-gnome3, no ssh-support)
+  tags: [dotfiles, dotfiles:desktop, gnome]
+  ansible.builtin.copy:
+    src: "{{ playbook_dir }}/../dotfiles/desktop/.gnupg/gpg-agent.arch.conf"
+    dest: "{{ user_home }}/.gnupg/gpg-agent.conf"
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+    mode: "0600"
+
 - name: Enable gnome-keyring PAM auth hook for GDM
  tags: [gnome]
  ansible.builtin.lineinfile:
--- a/dotfiles/desktop/.gnupg/gpg-agent.arch.conf
+++ b/dotfiles/desktop/.gnupg/gpg-agent.arch.conf
@@ -0,0 +1,3 @@
+pinentry-program /usr/bin/pinentry-gnome3
+default-cache-ttl 600
+max-cache-ttl 7200