Merge branch 'devfs'

ansible/environments/laptop/host_vars/odofreebsd

@@ -26,9 +26,12 @@ users:
     groups:
       - name: wheel
       - name: video
+      - name: u2f
     authorized_keys:
       - yubikey
       - main_fido
       - backup_fido
       - homeassistant
     gitconfig: "gitconfig_home"
+# devfs_rules: "odo_devfs.rules"
+# devfs_system_ruleset: "localrules"

ansible/playbook.yaml

@@ -21,3 +21,4 @@
     - sway
     - emacs
     - firefox
+    - devfs

ansible/roles/devfs/files/odo_devfs.rules

@@ -0,0 +1,3 @@
+[localrules=10]
+add path 'input/*' mode 0660 group video
+add path 'usb/*' mode 0660 group usb

ansible/roles/devfs/tasks/common.yaml

@@ -0,0 +1,14 @@
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user

ansible/roles/devfs/tasks/freebsd.yaml

@@ -0,0 +1,14 @@
+- name: Install /etc/devfs.rules
+  copy:
+    src: "files/{{ devfs_rules }}"
+    dest: /etc/devfs.rules
+    mode: 0644
+    owner: root
+    group: wheel
+
+- name: Set devfs_system_ruleset
+  when: devfs_system_ruleset is defined
+  community.general.sysrc:
+    name: "devfs_system_ruleset"
+    value: "{{ devfs_system_ruleset }}"
+    path: /etc/rc.conf.d/devfs

ansible/roles/devfs/tasks/linux.yaml

@@ -0,0 +1,6 @@
+# - name: Install packages
+#   pacman:
+#     name:
+#       - foo
+#     state: present
+#     update_cache: true

ansible/roles/devfs/tasks/main.yaml

@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  when: devfs_rules is defined

ansible/roles/devfs/tasks/peruser.yaml

@@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'

ansible/roles/gpg/files/gpg-agent.conf

@@ -1,6 +0,0 @@
-enable-ssh-support
-write-env-file
-use-standard-socket
-default-cache-ttl 600
-max-cache-ttl 7200
-display :0

ansible/roles/gpg/meta/main.yaml

@@ -1,2 +1,3 @@
 dependencies:
   - users
+  - devfs # For access to usb devices like yubikeys

ansible/roles/gpg/tasks/peruser.yaml

@@ -19,11 +19,20 @@
   loop:
     - src: gpg.conf
       dest: .gnupg/gpg.conf
-    - src: gpg-agent.conf
-      dest: .gnupg/gpg-agent.conf
     - src: scdaemon.conf
       dest: .gnupg/scdaemon.conf
 
+- name: Copy templates
+  template:
+    src: "templates/{{ item.src }}.j2"
+    dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+    mode: 0600
+    owner: "{{ account_name.stdout }}"
+    group: "{{ group_name.stdout }}"
+  loop:
+    - src: gpg-agent.conf
+      dest: .gnupg/gpg-agent.conf
+
 - name: Check trusted gpg keys
   command: gpg --list-public-keys --keyid-format LONG
   register: gpgkeys

ansible/roles/gpg/templates/gpg-agent.conf.j2

@@ -0,0 +1,11 @@
+enable-ssh-support
+write-env-file
+use-standard-socket
+default-cache-ttl 600
+max-cache-ttl 7200
+display :0
+{% if os_flavor == "linux" %}
+pinentry-program /usr/bin/pinentry-qt5
+{% elif os_flavor == "freebsd" %}
+pinentry-program /usr/local/bin/pinentry-qt5
+{% endif %}