From 1e0f4a0dbf4592680fc724c620f51932c21fbd07 Mon Sep 17 00:00:00 2001 From: Johanna Dorothea Reichmann Date: Mon, 22 Aug 2022 17:04:36 +0200 Subject: [PATCH] feat(gnupg): configure scdaemon.conf --- roles/gnupg/defaults/main.yml | 6 ++++++ roles/gnupg/tasks/main.yml | 5 ++++- roles/gnupg/templates/scdaemon.conf.j2 | 12 ++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 roles/gnupg/templates/scdaemon.conf.j2 diff --git a/roles/gnupg/defaults/main.yml b/roles/gnupg/defaults/main.yml index 948ed2b..55b7278 100644 --- a/roles/gnupg/defaults/main.yml +++ b/roles/gnupg/defaults/main.yml @@ -3,6 +3,7 @@ gpg_config_folder: ~/.gnupg gpg_config_file: "{{ gpg_config_folder }}/gpg.conf" gpg_agent_config_file: "{{ gpg_config_folder }}/gpg-agent.conf" +gpg_scdaemon_config_file: "{{ gpg_config_folder }}/scdaemon.conf" gpg_agent_sshcontrol_file: "{{ gpg_config_folder }}/sshcontrol" gpg_configure_agent_script: "{{ gpg_config_folder }}/gpg-configure-as-ssh-agent.sh" @@ -24,3 +25,8 @@ gpg_agent_config_cache_ttl_ssh: 300 gpg_agent_config_enable_ssh_support: false gpg_agent_config_ignore_cache_for_signing: true gpg_agent_config_allow_external_cache: false + +gpg_scdaemon_config_driver: ~ +gpg_scdaemon_config_card_timeout: ~ +gpg_scdaemon_config_disable_ccid: false +gpg_scdaemon_config_pcsc_shared: true diff --git a/roles/gnupg/tasks/main.yml b/roles/gnupg/tasks/main.yml index 2e5b62e..0da58cd 100644 --- a/roles/gnupg/tasks/main.yml +++ b/roles/gnupg/tasks/main.yml @@ -30,7 +30,10 @@ src: gpg-agent.conf.j2 dest: "{{ gpg_agent_config_file }}" -# attempt to bootstrap the supplied keys here, so the keygrip can be retrieved +- name: Configure scdaemon.conf (smartcard daemon) + template: + src: scdaemon.conf.j2 + dest: "{{ gpg_scdaemon_config_file }}" - name: Configure sshcontrol (in order for gpg-agent to act as ssh-agent) template: 
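Review bot: `gpg_scdaemon_config_pcsc_shared: true` in the second hunk of roles/gnupg/defaults/main.yml turns on `pcsc-shared` for every host that applies the role, and the scdaemon manual calls that option somewhat dangerous because scdaemon assumes exclusive access to the card and caches information read from it. A safer default is `gpg_scdaemon_config_pcsc_shared: false`, with a comment above it such as `# pcsc-shared lets other PC/SC clients use the card concurrently; enable only when that is required`. The same fail-open choice is repeated in roles/gnupg/templates/scdaemon.conf.j2, where `default(true)` would emit the option even if the variable were undefined; `default(false)` would match the other three conditions. GnuPG releases that predate the option will presumably reject it in the config file, which is another reason to make it opt-in.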
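Review bot: The new `Configure scdaemon.conf (smartcard daemon)` task in roles/gnupg/tasks/main.yml sets no `mode`, so the permissions of a newly created file depend on the umask of the run. The file can carry a `pcsc-driver` line naming a library that scdaemon loads, so it should be writable by its owner only, e.g. `mode: "0600"` under `dest:`. The gpg-agent.conf task looks the same as far as the context lines show, and would benefit from the same line. Nothing in the hunk restarts a running scdaemon, so a changed option may not take effect until the daemon is restarted; a handler running `gpgconf --kill scdaemon` would cover that if the role does not already do so outside this hunk. The hunk also drops the comment `# attempt to bootstrap the supplied keys here, so the keygrip can be retrieved`, which looks unrelated to the feature.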
diff --git a/roles/gnupg/templates/scdaemon.conf.j2 b/roles/gnupg/templates/scdaemon.conf.j2
new file mode 100644
index 0000000..0147380
--- /dev/null
+++ b/roles/gnupg/templates/scdaemon.conf.j2
@@ -0,0 +1,12 @@
+{% if gpg_scdaemon_config_disable_ccid | default(false) %}
+disable-ccid
+{% endif %}
+{% if gpg_scdaemon_config_card_timeout | default(false) %}
+card-timeout {{ gpg_scdaemon_config_card_timeout }}
+{% endif %}
+{% if gpg_scdaemon_config_driver | default(false) %}
+pcsc-driver {{ gpg_scdaemon_config_driver }}
+{% endif %}
+{% if gpg_scdaemon_config_pcsc_shared | default(true) %}
+pcsc-shared
+{% endif %}
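Review bot: `pcsc-driver {{ gpg_scdaemon_config_driver }}` and `card-timeout {{ gpg_scdaemon_config_card_timeout }}` write the variables verbatim, so a value containing a line break would add further directives to scdaemon.conf, and the driver value names a library that scdaemon loads. A template comment at the top, `{# gpg_scdaemon_config_driver: absolute path to the PC/SC library; gpg_scdaemon_config_card_timeout: integer seconds #}`, would state the expected shape, and `card-timeout {{ gpg_scdaemon_config_card_timeout | int }}` would enforce it for the numeric one. The rendered file also has no header marking it as generated; `# {{ ansible_managed }}` as the first line would tell a reader that manual edits are overwritten on the next run.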