feat(gnupg): configure scdaemon.conf

roles/gnupg/defaults/main.yml

@@ -3,6 +3,7 @@
 gpg_config_folder: ~/.gnupg
 gpg_config_file: "{{ gpg_config_folder }}/gpg.conf"
 gpg_agent_config_file: "{{ gpg_config_folder }}/gpg-agent.conf"
+gpg_scdaemon_config_file: "{{ gpg_config_folder }}/scdaemon.conf"
 gpg_agent_sshcontrol_file: "{{ gpg_config_folder }}/sshcontrol"
 gpg_configure_agent_script: "{{ gpg_config_folder }}/gpg-configure-as-ssh-agent.sh"
 
@@ -24,3 +25,8 @@ gpg_agent_config_cache_ttl_ssh: 300
 gpg_agent_config_enable_ssh_support: false
 gpg_agent_config_ignore_cache_for_signing: true
 gpg_agent_config_allow_external_cache: false
+
+gpg_scdaemon_config_driver: ~
+gpg_scdaemon_config_card_timeout: ~
+gpg_scdaemon_config_disable_ccid: false
+gpg_scdaemon_config_pcsc_shared: true

roles/gnupg/tasks/main.yml

@@ -30,7 +30,10 @@
     src: gpg-agent.conf.j2
     dest: "{{ gpg_agent_config_file }}"
 
-# attempt to bootstrap the supplied keys here, so the keygrip can be retrieved
+- name: Configure scdaemon.conf (smartcard daemon)
+  template:
+    src: scdaemon.conf.j2
+    dest: "{{ gpg_scdaemon_config_file }}"
 
 - name: Configure sshcontrol (in order for gpg-agent to act as ssh-agent)
   template:

roles/gnupg/templates/scdaemon.conf.j2

@@ -0,0 +1,12 @@
+{% if gpg_scdaemon_config_disable_ccid | default(false) %}
+disable-ccid
+{% endif %}
+{% if gpg_scdaemon_config_card_timeout | default(false) %}
+card-timeout {{ gpg_scdaemon_config_card_timeout }}
+{% endif %}
+{% if gpg_scdaemon_config_driver | default(false) %}
+pcsc-driver {{ gpg_scdaemon_config_driver }}
+{% endif %}
+{% if gpg_scdaemon_config_pcsc_shared | default(true) %}
+pcsc-shared
+{% endif %}