edit-secrets: configure gpg-agent/emacs

Emacs/gpg-agent need these settings so you can type directly into the minibuffer when opening GPG encrypted files. Change-Id: Ibdc132629f2e87b5a4a7b6222cd93f20e2321a5a
2022-11-03 10:07:20 +11:00 · 2022-11-03 10:07:20 +11:00 · 35fff9759b
parent ad46c912f3
commit 35fff9759b
1 changed files with 30 additions and 0 deletions
--- a/playbooks/roles/edit-secrets-script/tasks/main.yaml
+++ b/playbooks/roles/edit-secrets-script/tasks/main.yaml
@ -3,3 +3,33 @@
    mode: 0750
    src: edit-secrets
    dest: /usr/local/bin/edit-secrets
+
+- name: Add required emacs configuration
+  lineinfile:
+    path: /root/.emacs
+    regexp: 'epg-pinentry-mode'
+    line: "(setq epg-pinentry-mode 'loopback)"
+    state: present
+    create: yes
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Ensure gnupg directory
+  file:
+    path: /root/.gnupg
+    state: directory
+    owner: root
+    group: root
+    mode: '0700'
+
+- name: Add required gpg-agent configuration
+  lineinfile:
+    path: /root/.gnupg/gpg-agent
+    regexp: '^allow-loopback-pinentry'
+    line: 'allow-loopback-pinentry'
+    state: present
+    create: yes
+    owner: root
+    group: root
+    mode: '0400'