From 59b508b81149cf43e45d333bdbffb9bc1d06cd5d Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 16 Oct 2022 01:01:24 -0400
Subject: [PATCH] Add a gpg role for FreeBSD.

---
 ansible/roles/gpg/files/pcscd.conf         |  8 ++++
 ansible/roles/gpg/files/pcscd_rc.conf      |  1 +
 ansible/roles/gpg/tasks/freebsd.yaml       | 17 +++++--
 ansible/roles/gpg/tasks/peruser.yaml       | 52 ++++++++++++++--------
 ansible/roles/gpg/tasks/peruser_linux.yaml | 35 ---------------
 5 files changed, 56 insertions(+), 57 deletions(-)
 create mode 100644 ansible/roles/gpg/files/pcscd.conf
 create mode 100644 ansible/roles/gpg/files/pcscd_rc.conf

diff --git a/ansible/roles/gpg/files/pcscd.conf b/ansible/roles/gpg/files/pcscd.conf
new file mode 100644
index 0000000..78755be
--- /dev/null
+++ b/ansible/roles/gpg/files/pcscd.conf
@@ -0,0 +1,8 @@
+attach 100 {
+	device-name "ugen[0-9]+";
+	action "/usr/local/sbin/pcscd -H";
+};
+detach 100 {
+	device-name "ugen[0-9]+";
+	action "/usr/local/sbin/pcscd -H";
+};
\ No newline at end of file
diff --git a/ansible/roles/gpg/files/pcscd_rc.conf b/ansible/roles/gpg/files/pcscd_rc.conf
new file mode 100644
index 0000000..729f279
--- /dev/null
+++ b/ansible/roles/gpg/files/pcscd_rc.conf
@@ -0,0 +1 @@
+pcscd_enable="YES"
diff --git a/ansible/roles/gpg/tasks/freebsd.yaml b/ansible/roles/gpg/tasks/freebsd.yaml
index 7fcf6b4..ef1c0ea 100644
--- a/ansible/roles/gpg/tasks/freebsd.yaml
+++ b/ansible/roles/gpg/tasks/freebsd.yaml
@@ -6,7 +6,8 @@
       - ccid
       # - linux_libusb
       - pinentry
-      - pinentry-qt5 state: present
+      - pinentry-qt5
+    state: present
 
 - name: Create directories
   file:
@@ -20,7 +21,7 @@
 - name: Install service configuration
   copy:
-    src: "files/intel_{{ item }}_rc.conf"
+    src: "files/{{ item }}_rc.conf"
     dest: "/etc/rc.conf.d/{{ item }}"
     mode: 0644
     owner: root
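Review bot: The new devd rule file ends without a trailing newline (the `\ No newline at end of file` marker after the closing `};`), and both the `attach` and `detach` blocks match `device-name "ugen[0-9]+"`, which is every USB device rather than only card readers. If `pcscd -H` is just a hotplug rescan hint to an already-running daemon, as the rc.conf entry in the next file suggests, firing it on every USB event is harmless, but that is not obvious from the file itself. A one-line comment at the top such as `# Ask the running pcscd to rescan readers on any USB attach/detach (daemon started via pcscd_enable in rc.conf)` and a terminating newline would make the intent clear.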
@@ -35,7 +36,17 @@
     mode: 0644
     owner: root
     group: wheel
-    notify: restart devd
+  loop:
+    - src: pcscd.conf
+      dest: /usr/local/etc/devd/pcscd.conf
+
+- name: Install devd Configuration
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0644
+    owner: root
+    group: wheel
   loop:
     - src: pcscd.conf
       dest: /usr/local/etc/devd/pcscd.conf
diff --git a/ansible/roles/gpg/tasks/peruser.yaml b/ansible/roles/gpg/tasks/peruser.yaml
index 111e886..01000bc 100644
--- a/ansible/roles/gpg/tasks/peruser.yaml
+++ b/ansible/roles/gpg/tasks/peruser.yaml
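Review bot: In the `@@ -35,7 +36,17 @@` hunk of freebsd.yaml the only removed line is `notify: restart devd`, and nothing on the new side notifies a handler, so after this change devd is never told to reload its rules when pcscd.conf is installed; the rule will not take effect until devd is restarted by hand or the host reboots. The same hunk also leaves two tasks looping over the identical `src: pcscd.conf` / `dest: /usr/local/etc/devd/pcscd.conf` item: the task whose header sits above the hunk now gets a `loop:` in place of its `notify:`, and the new `Install devd Configuration` task inherits the original `loop:` context lines, so the file is copied twice per run. Since the earlier task's name and module are outside the hunk I cannot tell which copy is meant to survive, but I would remove the three added `loop:` lines from the earlier task and add `notify: restart devd` to the new `Install devd Configuration` task. Minor: the new task writes `mode: 0644` as a bare octal; the quoted form `mode: "0644"` is what the Ansible docs recommend so the YAML loader cannot reinterpret it.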
@@ -1,26 +1,40 @@
 - include_role:
     name: per_user
 
-# - name: Create directories
-#   file:
-#     name: "{{ account_homedir.stdout }}/{{ item }}"
-#     state: directory
-#     mode: 0700
-#     owner: "{{ account_name.stdout }}"
-#     group: "{{ group_name.stdout }}"
-#   loop:
-#     - ".config/foo"
+- name: Create gpg config directory
+  file:
+    name: "{{ account_homedir.stdout }}/.gnupg"
+    state: directory
+    mode: 0700
+    owner: "{{ account_name.stdout }}"
+    group: "{{ group_name.stdout }}"
 
-# - name: Copy files
-#   copy:
-#     src: "files/{{ item.src }}"
-#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
-#     mode: 0600
-#     owner: "{{ account_name.stdout }}"
-#     group: "{{ group_name.stdout }}"
-#   loop:
-#     - src: foo.conf
-#       dest: .config/foo/foo.conf
+- name: Copy files
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+    mode: 0600
+    owner: "{{ account_name.stdout }}"
+    group: "{{ group_name.stdout }}"
+  with_items:
+    - src: gpg.conf
+      dest: .gnupg/gpg.conf
+    - src: gpg-agent.conf
+      dest: .gnupg/gpg-agent.conf
+    - src: scdaemon.conf
+      dest: .gnupg/scdaemon.conf
+
+- name: Check trusted gpg keys
+  command: gpg --list-public-keys --keyid-format LONG
+  register: gpgkeys
+  changed_when: false
+  check_mode: no
+
+- name: Import public key for yubikey
+  command: gpg --import
+  when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
+  args:
+    stdin: "{{ lookup('file', 'gpg.asc') }}"
 
 - import_tasks: tasks/peruser_freebsd.yaml
   when: 'os_flavor == "freebsd"'
diff --git a/ansible/roles/gpg/tasks/peruser_linux.yaml b/ansible/roles/gpg/tasks/peruser_linux.yaml
index 9893d22..f38d273 100644
--- a/ansible/roles/gpg/tasks/peruser_linux.yaml
+++ b/ansible/roles/gpg/tasks/peruser_linux.yaml
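Review bot: The `Check trusted gpg keys` and `Import public key for yubikey` tasks run `gpg` with no `become_user`, while the directory and config tasks directly above them are explicitly owned by `{{ account_name.stdout }}`; unless the `per_user` role already switches the play to that account, the key listing and import happen in the connecting user's keyring rather than in the `.gnupg` this hunk just created, and the `when` guard would then never see the key in the right place. Adding `become: true` and `become_user: "{{ account_name.stdout }}"` to both command tasks would keep them consistent with the file tasks. Two smaller points in the same hunk: `Copy files` uses `with_items:` whereas the rest of the role (and the Linux copy of this task deleted in the next file) uses `loop:`, and `check_mode: no` would read better as `check_mode: false` per yamllint's truthy rule. A short comment on the import task, e.g. `# Import only when no key with this ID is already present, so the task stays idempotent`, would explain why the `when` matches on the key ID string.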
@@ -8,38 +8,3 @@
   loop:
     - gpg-agent.socket
     - gpg-agent-ssh.socket
-
-- name: Create gpg config directory
-  file:
-    name: "{{ account_homedir.stdout }}/.gnupg"
-    state: directory
-    mode: 0700
-    owner: "{{ account_name.stdout }}"
-    group: "{{ group_name.stdout }}"
-
-- name: Configure gpg
-  copy:
-    src: "files/{{ item.src }}"
-    dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
-    mode: 0600
-    owner: "{{ account_name.stdout }}"
-    group: "{{ group_name.stdout }}"
-  loop:
-    - src: gpg.conf
-      dest: .gnupg/gpg.conf
-    - src: gpg-agent.conf
-      dest: .gnupg/gpg-agent.conf
-    - src: scdaemon.conf
-      dest: .gnupg/scdaemon.conf
-
-- name: Check trusted gpg keys
-  command: gpg --list-public-keys --keyid-format LONG
-  register: gpgkeys
-  changed_when: false
-  check_mode: no
-
-- name: Import public key for yubikey
-  command: gpg --import
-  when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
-  args:
-    stdin: "{{ lookup('file', 'gpg.asc') }}"