Split gpg-agent config by profile

ansible/inventory/group_vars/server.yml

@@ -12,14 +12,20 @@ profile_packages:
   - dmidecode
   - dosfstools
   - gh
+  - gnupg
+  - gpg-agent
   - netcat-openbsd
   - openssh-server
   - parted
   - pciutils
+  - pinentry-curses
   - ranger
   - rsync
 
 server_dotfiles:
+  - src: .gnupg/gpg-agent.conf
+    dest: .gnupg/gpg-agent.conf
+    mode: "0600"
   - src: .gitignore_global
     dest: .gitignore_global
     mode: "0644"
@@ -42,6 +48,10 @@ server_templates:
     no_log: true
 
 server_directories:
+  - path: "{{ server_user_home }}/.gnupg"
+    owner: "{{ server_username }}"
+    group: "{{ server_user_group }}"
+    mode: "0700"
   - path: "{{ server_container_stack_dir }}"
     owner: root
     group: root

ansible/inventory/group_vars/workstation_dev.yml

@@ -19,9 +19,6 @@ workstation_user_directories:
     mode: "0700"
 
 workstation_dotfiles:
-  - src: .gnupg/gpg-agent.conf
-    dest: .gnupg/gpg-agent.conf
-    mode: "0600"
   - src: .gitignore_global
     dest: .gitignore_global
     mode: "0644"

ansible/inventory/group_vars/workstation_dev_wsl.yml

@@ -3,6 +3,7 @@ enabled_services:
   - docker
 
 workstation_dev_wsl_packages:
+  - pinentry-curses
   - python3-pip
 workstation_dev_wsl_excluded_packages:
   - pcscd
@@ -19,3 +20,7 @@ workstation_dev_wsl_python_packages:
   - pypsrp
   - pyspnego
 workstation_wsl_systemd_enabled: true
+workstation_dev_wsl_dotfiles:
+  - src: .gnupg/gpg-agent.conf
+    dest: .gnupg/gpg-agent.conf
+    mode: "0600"

ansible/inventory/group_vars/workstation_host_linux.yml

@@ -13,6 +13,11 @@ workstation_host_linux_packages:
   - podman-compose
   - yubikey-manager
 
+workstation_host_linux_dotfiles:
+  - src: .gnupg/gpg-agent.conf
+    dest: .gnupg/gpg-agent.conf
+    mode: "0600"
+
 workstation_manage_google_chrome: true
 
 workstation_removed_snap_packages:

ansible/roles/profile_workstation_dev_wsl/tasks/main.yml

@@ -1,4 +1,16 @@
 ---
+- name: Copy workstation WSL dotfiles
+  tags: [dotfiles, dotfiles:workstation, wsl]
+  ansible.builtin.copy:
+    src: "{{ playbook_dir }}/../dotfiles/workstation_dev_wsl/{{ item.src }}"
+    dest: "{{ user_home }}/{{ item.dest }}"
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+    mode: "{{ item.mode }}"
+  loop: "{{ workstation_dev_wsl_dotfiles | default([]) }}"
+  loop_control:
+    label: "{{ item.dest }}"
+
 - name: Ensure WSL boot configuration file exists
   tags: [packages, services]
   ansible.builtin.file:

ansible/roles/profile_workstation_gnome/tasks/main.yml

@@ -1,4 +1,16 @@
 ---
+- name: Copy workstation host Linux dotfiles
+  tags: [dotfiles, dotfiles:workstation, gnome]
+  ansible.builtin.copy:
+    src: "{{ playbook_dir }}/../dotfiles/workstation_host_linux/{{ item.src }}"
+    dest: "{{ user_home }}/{{ item.dest }}"
+    owner: "{{ username }}"
+    group: "{{ user_group }}"
+    mode: "{{ item.mode }}"
+  loop: "{{ workstation_host_linux_dotfiles | default([]) }}"
+  loop_control:
+    label: "{{ item.dest }}"
+
 - name: Ensure GNOME extension directories exist
   tags: [packages, gnome]
   ansible.builtin.file:

dotfiles/server/.gnupg/gpg-agent.conf

@@ -0,0 +1,4 @@
+enable-ssh-support
+pinentry-program /usr/bin/pinentry-curses
+default-cache-ttl 600
+max-cache-ttl 7200

dotfiles/ubuntu/.bashrc.d/30-gpg-agent-wsl.sh

@@ -0,0 +1,17 @@
+case "$(uname -r 2>/dev/null)" in
+  *[Mm]icrosoft*) ;;
+  *) return ;;
+esac
+
+command -v gpgconf >/dev/null 2>&1 || return
+
+if tty -s; then
+  export GPG_TTY="$(tty)"
+fi
+
+gpgconf --launch gpg-agent >/dev/null 2>&1
+export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+
+if [ -n "${GPG_TTY-}" ]; then
+  gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1
+fi

dotfiles/workstation_dev_wsl/.gnupg/gpg-agent.conf

@@ -0,0 +1,4 @@
+enable-ssh-support
+pinentry-program /usr/bin/pinentry-curses
+default-cache-ttl 600
+max-cache-ttl 7200