feat: configure split-gpg2 server

For: https://github.com/ben-grande/dotfiles/pull/1
2025-02-26 09:41:14 -05:00 · 2025-01-09 17:45:59 +01:00 · 2025-01-09 17:45:59 +01:00 · f50d044b5c
commit f50d044b5c
parent ca5ef5cb94
2 changed files with 35 additions and 1 deletions
--- a/salt/sys-pgp/configure.sls
+++ b/salt/sys-pgp/configure.sls
@ -1,14 +1,33 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>

 SPDX-License-Identifier: AGPL-3.0-or-later
 #}

 {% if grains['nodename'] != 'dom0' -%}

+{%- import "dom0/gui-user.jinja" as gui_user -%}
+
 include:
  - dev.home-cleanup
  - dotfiles.copy-sh
  - dotfiles.copy-pgp

+"{{ slsdotpath }}-split-gpg2-conf.d":
+  file.directory:
+    - name: {{ gui_user.gui_user_home }}/.config/qubes-split-gpg2/conf.d
+    - mode: "0700"
+    - user: {{ gui_user.gui_user }}
+    - group: {{ gui_user.gui_user }}
+    - makedirs: True
+
+"{{ slsdotpath }}-split-gpg2-conf":
+  file.managed:
+    - name: {{ gui_user.gui_user_home }}/.config/qubes-split-gpg2/qubes-split-gpg2.conf
+    - source: salt://{{ slsdotpath }}/files/server/qubes-split-gpg2.conf
+    - mode: "0600"
+    - user: {{ gui_user.gui_user }}
+    - group: {{ gui_user.gui_user }}
+    - makedirs: True
+
 {% endif -%}
--- a/salt/sys-pgp/files/server/qubes-split-gpg2.conf
+++ b/salt/sys-pgp/files/server/qubes-split-gpg2.conf
@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# vim: ft=toml
+
+[DEFAULT]
+autoaccept = 86400
+pksign_autoaccept = 86400
+pkdecrypt_autoaccept = 86400
+verbose_notifications = no
+allow_keygen = no
+#gnupghome =
+isolated_gnupghome_dirs = ~/.gnupg/split-gpg
+#debug_log =
+#source_keyring_dir =