From c7c3cff31fec98f96a4bbefde15b81d5e795f148 Mon Sep 17 00:00:00 2001 From: Fabio Scotto di Santolo Date: Wed, 8 Apr 2026 14:54:05 +0200 Subject: [PATCH] Split gpg-agent config by profile --- ansible/inventory/group_vars/server.yml | 10 ++++++++++ .../inventory/group_vars/workstation_dev.yml | 3 --- .../group_vars/workstation_dev_wsl.yml | 5 +++++ .../group_vars/workstation_host_linux.yml | 5 +++++ .../profile_workstation_dev_wsl/tasks/main.yml | 12 ++++++++++++ .../profile_workstation_gnome/tasks/main.yml | 12 ++++++++++++ dotfiles/server/.gnupg/gpg-agent.conf | 4 ++++ dotfiles/ubuntu/.bashrc.d/30-gpg-agent-wsl.sh | 17 +++++++++++++++++ .../workstation_dev_wsl/.gnupg/gpg-agent.conf | 4 ++++ .../.gnupg/gpg-agent.conf | 0 10 files changed, 69 insertions(+), 3 deletions(-) create mode 100644 dotfiles/server/.gnupg/gpg-agent.conf create mode 100644 dotfiles/ubuntu/.bashrc.d/30-gpg-agent-wsl.sh create mode 100644 dotfiles/workstation_dev_wsl/.gnupg/gpg-agent.conf rename dotfiles/{workstation => workstation_host_linux}/.gnupg/gpg-agent.conf (100%) diff --git a/ansible/inventory/group_vars/server.yml b/ansible/inventory/group_vars/server.yml index 1a87300..d4da695 100644 --- a/ansible/inventory/group_vars/server.yml +++ b/ansible/inventory/group_vars/server.yml @@ -12,14 +12,20 @@ profile_packages: - dmidecode - dosfstools - gh + - gnupg + - gpg-agent - netcat-openbsd - openssh-server - parted - pciutils + - pinentry-curses - ranger - rsync server_dotfiles: + - src: .gnupg/gpg-agent.conf + dest: .gnupg/gpg-agent.conf + mode: "0600" - src: .gitignore_global dest: .gitignore_global mode: "0644" @@ -42,6 +48,10 @@ server_templates: no_log: true server_directories: + - path: "{{ server_user_home }}/.gnupg" + owner: "{{ server_username }}" + group: "{{ server_user_group }}" + mode: "0700" - path: "{{ server_container_stack_dir }}" owner: root group: root 
diff --git a/ansible/inventory/group_vars/workstation_dev.yml b/ansible/inventory/group_vars/workstation_dev.yml index 44bac90..a73c858 100644 --- a/ansible/inventory/group_vars/workstation_dev.yml +++ b/ansible/inventory/group_vars/workstation_dev.yml @@ -19,9 +19,6 @@ workstation_user_directories: mode: "0700" workstation_dotfiles: - - src: .gnupg/gpg-agent.conf - dest: .gnupg/gpg-agent.conf - mode: "0600" - src: .gitignore_global dest: .gitignore_global mode: "0644" diff --git a/ansible/inventory/group_vars/workstation_dev_wsl.yml b/ansible/inventory/group_vars/workstation_dev_wsl.yml index a16a2ef..334d254 100644 --- a/ansible/inventory/group_vars/workstation_dev_wsl.yml +++ b/ansible/inventory/group_vars/workstation_dev_wsl.yml @@ -3,6 +3,7 @@ enabled_services: - docker workstation_dev_wsl_packages: + - pinentry-curses - python3-pip workstation_dev_wsl_excluded_packages: - pcscd @@ -19,3 +20,7 @@ workstation_dev_wsl_python_packages: - pypsrp - pyspnego workstation_wsl_systemd_enabled: true +workstation_dev_wsl_dotfiles: + - src: .gnupg/gpg-agent.conf + dest: .gnupg/gpg-agent.conf + mode: "0600" diff --git a/ansible/inventory/group_vars/workstation_host_linux.yml b/ansible/inventory/group_vars/workstation_host_linux.yml index a5f4852..8f0f140 100644 --- a/ansible/inventory/group_vars/workstation_host_linux.yml +++ b/ansible/inventory/group_vars/workstation_host_linux.yml @@ -13,6 +13,11 @@ workstation_host_linux_packages: - podman-compose - yubikey-manager +workstation_host_linux_dotfiles: + - src: .gnupg/gpg-agent.conf + dest: .gnupg/gpg-agent.conf + mode: "0600" + workstation_manage_google_chrome: true workstation_removed_snap_packages: diff --git a/ansible/roles/profile_workstation_dev_wsl/tasks/main.yml b/ansible/roles/profile_workstation_dev_wsl/tasks/main.yml index 8f5e596..e6eda45 100644 --- a/ansible/roles/profile_workstation_dev_wsl/tasks/main.yml +++ b/ansible/roles/profile_workstation_dev_wsl/tasks/main.yml 
@@ -1,4 +1,16 @@ --- +- name: Copy workstation WSL dotfiles + tags: [dotfiles, dotfiles:workstation, wsl] + ansible.builtin.copy: + src: "{{ playbook_dir }}/../dotfiles/workstation_dev_wsl/{{ item.src }}" + dest: "{{ user_home }}/{{ item.dest }}" + owner: "{{ username }}" + group: "{{ user_group }}" + mode: "{{ item.mode }}" + loop: "{{ workstation_dev_wsl_dotfiles | default([]) }}" + loop_control: + label: "{{ item.dest }}" + - name: Ensure WSL boot configuration file exists tags: [packages, services] ansible.builtin.file: diff --git a/ansible/roles/profile_workstation_gnome/tasks/main.yml b/ansible/roles/profile_workstation_gnome/tasks/main.yml index cd39a31..070a635 100644 --- a/ansible/roles/profile_workstation_gnome/tasks/main.yml +++ b/ansible/roles/profile_workstation_gnome/tasks/main.yml @@ -1,4 +1,16 @@ --- +- name: Copy workstation host Linux dotfiles + tags: [dotfiles, dotfiles:workstation, gnome] + ansible.builtin.copy: + src: "{{ playbook_dir }}/../dotfiles/workstation_host_linux/{{ item.src }}" + dest: "{{ user_home }}/{{ item.dest }}" + owner: "{{ username }}" + group: "{{ user_group }}" + mode: "{{ item.mode }}" + loop: "{{ workstation_host_linux_dotfiles | default([]) }}" + loop_control: + label: "{{ item.dest }}" + - name: Ensure GNOME extension directories exist tags: [packages, gnome] ansible.builtin.file: diff --git a/dotfiles/server/.gnupg/gpg-agent.conf b/dotfiles/server/.gnupg/gpg-agent.conf new file mode 100644 index 0000000..be384b5 --- /dev/null +++ b/dotfiles/server/.gnupg/gpg-agent.conf @@ -0,0 +1,4 @@ +enable-ssh-support +pinentry-program /usr/bin/pinentry-curses +default-cache-ttl 600 +max-cache-ttl 7200 diff --git a/dotfiles/ubuntu/.bashrc.d/30-gpg-agent-wsl.sh b/dotfiles/ubuntu/.bashrc.d/30-gpg-agent-wsl.sh new file mode 100644 index 0000000..60164ae --- /dev/null +++ b/dotfiles/ubuntu/.bashrc.d/30-gpg-agent-wsl.sh 
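Review bot: The new "Copy workstation WSL dotfiles" task is the first task of the role and writes into `{{ user_home }}/.gnupg/`, but nothing in this hunk ensures that directory exists with mode 0700 beforehand. `ansible.builtin.copy` does not create a missing parent directory for a single file, so the task depends on an earlier role having created it, and that ordering is not visible in this diff. The server profile gets an explicit `.gnupg` entry in `server_directories` in this same patch; the matching copy task added to `profile_workstation_gnome/tasks/main.yml` has the same gap. I would put a directory task ahead of the copy in both roles, or at least add a comment naming the role that owns `~/.gnupg`.

```yaml
- name: Ensure GnuPG home exists before copying its files
  tags: [dotfiles, dotfiles:workstation, wsl]
  ansible.builtin.file:
    path: "{{ user_home }}/.gnupg"
    state: directory
    owner: "{{ username }}"
    group: "{{ user_group }}"
    mode: "0700"

- name: Copy workstation WSL dotfiles
  # … unchanged: copy task body and loop …
```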
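Review bot: `workstation_host_linux_dotfiles` is defined in `group_vars/workstation_host_linux.yml` but consumed only here, in the GNOME profile role, while the same patch removes `gpg-agent.conf` from the shared `workstation_dotfiles` list. If a host can belong to `workstation_host_linux` without running `profile_workstation_gnome` (the play layout is not visible in this diff), it silently stops receiving the file and gpg-agent runs with its built-in defaults. Either move the task to the role that matches the group, or document the coupling above the task, for example `# gpg-agent.conf for Linux hosts is delivered only through this role`.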
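Review bot: `default-cache-ttl 600` and `max-cache-ttl 7200` do not apply to keys used through `enable-ssh-support`, because gpg-agent has separate `default-cache-ttl-ssh` and `max-cache-ttl-ssh` settings for those. The ten-minute idle limit set here is therefore not what bounds SSH key caching on this server. If the intent is one limit for everything the agent holds, add `default-cache-ttl-ssh 600` and `max-cache-ttl-ssh 7200`. The same four lines are added as `dotfiles/workstation_dev_wsl/.gnupg/gpg-agent.conf` (same blob `be384b5`), so the point applies there as well.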
@@ -0,0 +1,17 @@
+case "$(uname -r 2>/dev/null)" in
+ *[Mm]icrosoft*) ;;
+ *) return ;;
+esac
+
+command -v gpgconf >/dev/null 2>&1 || return
+
+if tty -s; then
+ export GPG_TTY="$(tty)"
+fi
+
+gpgconf --launch gpg-agent >/dev/null 2>&1
+export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+
+if [ -n "${GPG_TTY-}" ]; then
+ gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
+fi
diff --git a/dotfiles/workstation_dev_wsl/.gnupg/gpg-agent.conf b/dotfiles/workstation_dev_wsl/.gnupg/gpg-agent.conf
new file mode 100644
index 0000000..be384b5
--- /dev/null
+++ b/dotfiles/workstation_dev_wsl/.gnupg/gpg-agent.conf
@@ -0,0 +1,4 @@
+enable-ssh-support
+pinentry-program /usr/bin/pinentry-curses
+default-cache-ttl 600
+max-cache-ttl 7200
diff --git a/dotfiles/workstation/.gnupg/gpg-agent.conf b/dotfiles/workstation_host_linux/.gnupg/gpg-agent.conf
similarity index 100%
rename from dotfiles/workstation/.gnupg/gpg-agent.conf
rename to dotfiles/workstation_host_linux/.gnupg/gpg-agent.conf
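Review bot: `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"` overwrites the variable unconditionally, and the `gpgconf --launch gpg-agent` line above it discards both its output and its exit status. When either call fails, the shell ends up with an empty `SSH_AUTH_SOCK` and loses whatever agent socket it had inherited. Assigning first and exporting only a real socket avoids that: `_sock="$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null)"` followed by `[ -S "$_sock" ] && export SSH_AUTH_SOCK="$_sock"; unset _sock`. A header comment would also help the next reader, for example `# Sourced from ~/.bashrc on WSL only: points ssh at gpg-agent and refreshes its TTY for pinentry-curses`.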