From 35fff9759b3bb2180b49cef722a74e86b8dc1b9b Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Thu, 3 Nov 2022 10:07:20 +1100
Subject: [PATCH] edit-secrets: configure gpg-agent/emacs

Emacs/gpg-agent need these settings so you can type directly into the
minibuffer when opening GPG encrypted files.

Change-Id: Ibdc132629f2e87b5a4a7b6222cd93f20e2321a5a
---
 .../roles/edit-secrets-script/tasks/main.yaml | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/playbooks/roles/edit-secrets-script/tasks/main.yaml b/playbooks/roles/edit-secrets-script/tasks/main.yaml
index 21800d5f33..1a96f5dd13 100644
--- a/playbooks/roles/edit-secrets-script/tasks/main.yaml
+++ b/playbooks/roles/edit-secrets-script/tasks/main.yaml
@@ -3,3 +3,33 @@
     mode: 0750
     src: edit-secrets
     dest: /usr/local/bin/edit-secrets
+
+- name: Add required emacs configuration
+  lineinfile:
+    path: /root/.emacs
+    regexp: 'epg-pinentry-mode'
+    line: "(setq epg-pinentry-mode 'loopback)"
+    state: present
+    create: yes
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Ensure gnupg directory
+  file:
+    path: /root/.gnupg
+    state: directory
+    owner: root
+    group: root
+    mode: '0700'
+
+- name: Add required gpg-agent configuration
+  lineinfile:
+    path: /root/.gnupg/gpg-agent
+    regexp: '^allow-loopback-pinentry'
+    line: 'allow-loopback-pinentry'
+    state: present
+    create: yes
+    owner: root
+    group: root
+    mode: '0400'