From 83c9d72afeec33fe32ce2540960d5364f784c801 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hannes=20K=C3=B6rber?= <hannes.koerber@tradebyte.com>
Date: Sat, 30 Jan 2021 21:06:45 +0100
Subject: [PATCH] Make gpg ssh support configurable

---
 _machines/ares.yml                          | 1 +
 _machines/tb-hak.yml                        | 2 ++
 dotfiles.yml                                | 1 +
 gnupg/{gpg-agent.conf => gpg-agent.conf.j2} | 2 ++
 4 files changed, 6 insertions(+)
 rename gnupg/{gpg-agent.conf => gpg-agent.conf.j2} (79%)

diff --git a/_machines/ares.yml b/_machines/ares.yml
index ef313cf..ba9068a 100644
--- a/_machines/ares.yml
+++ b/_machines/ares.yml
@@ -13,6 +13,7 @@ users:
   mail: hannes@hkoerber.de
   git_gpg_sign: false
   gpg_agent: true
+  gpg_agent_for_ssh: true
   gpg_keys:
     master_key: "0xB5C002530C6A2053"
   environment:
diff --git a/_machines/tb-hak.yml b/_machines/tb-hak.yml
index b045d42..d3d09c6 100644
--- a/_machines/tb-hak.yml
+++ b/_machines/tb-hak.yml
@@ -12,6 +12,7 @@ users:
   mail: hannes.koerber@tradebyte.com
   git_gpg_sign: false
   gpg_agent: false
+  gpg_agent_for_ssh: false
   environment:
     MACHINE_HAS_NEXTCLOUD: "false"
 - name: hannes-private
@@ -20,6 +21,7 @@ users:
   mail: hannes@hkoerber.de
   git_gpg_sign: false
   gpg_agent: true
+  gpg_agent_for_ssh: true
   gpg_keys:
     master_key: "0xB5C002530C6A2053"
   environment:
diff --git a/dotfiles.yml b/dotfiles.yml
index 028e88c..a53e912 100644
--- a/dotfiles.yml
+++ b/dotfiles.yml
@@ -14,6 +14,7 @@ dotfiles:
     to: .gnupg/dirmngr.conf
   - from: gnupg/gpg-agent.conf
     to: .gnupg/gpg-agent.conf
+    template: true
   - from: gnupg/gpg.conf
     to: .gnupg/gpg.conf
     template: true
diff --git a/gnupg/gpg-agent.conf b/gnupg/gpg-agent.conf.j2
similarity index 79%
rename from gnupg/gpg-agent.conf
rename to gnupg/gpg-agent.conf.j2
index b9c35df..fb4cf31 100644
--- a/gnupg/gpg-agent.conf
+++ b/gnupg/gpg-agent.conf.j2
@@ -4,6 +4,8 @@ default-cache-ttl-ssh 60480000
 max-cache-ttl 34560000
 max-cache-ttl-ssh 34560000
 
+{% if user.gpg_agent_for_ssh %}
 enable-ssh-support
+{% endif %}
 
 pinentry-program /usr/bin/pinentry-qt