path: root/modules/home/conf/gpg/default.nix
{
  config,
  pkgs,
  lib,
  ...
}: let
  # 50 minutes, expressed in seconds; shared by every gpg-agent cache limit below.
  cacheTtlSeconds = 60 * 50;

  # Keygrips are written with spaces for readability; gpg-agent expects them bare.
  stripSpaces = builtins.replaceStrings [" "] [""];
in {
  programs.gpg = {
    enable = true;
    homedir = "${config.xdg.dataHome}/gnupg";

    # The keyring and trust database are seeded from `publicKeys` on activation
    # but remain editable with the plain `gpg` command afterwards; the declared
    # state is not re-enforced on later activations.
    mutableKeys = true;
    mutableTrust = true;

    settings = {
      default-key = "Benedikt Peetz <benedikt.peetz@b-peetz.de>";
      # TODO: add more
    };

    # "ultimate" trust belongs only to a key whose private half is under the
    # user's own control; other people's keys get at most "full".
    publicKeys = [
      {
        source = ./keys/key_1.asc;
        trust = "ultimate";
      }
      {
        source = ./keys/key_2.asc;
        trust = "full";
      }
    ];
  };

  services.gpg-agent = {
    enable = true;
    enableZshIntegration = true;
    enableScDaemon = true; # smartcards and such things
    enableSshSupport = true;

    # Cached passphrases: all four limits share one value, so the max
    # (absolute) cap equals the idle timeout and nothing stays unlocked longer
    # than 50 minutes.
    defaultCacheTtl = cacheTtlSeconds;
    maxCacheTtl = cacheTtlSeconds;
    defaultCacheTtlSsh = cacheTtlSeconds;
    maxCacheTtlSsh = cacheTtlSeconds;

    pinentryPackage = pkgs.pinentry-curses;
    # pinentryPackage = pkgs.pinentry-tty;

    # Keygrips of the keys the agent exposes over its SSH socket.
    sshKeys = map stripSpaces [
      "8321 ED3A 8DB9 99A5 1F3B  F80F F268 2914 EA42 DE26"
    ];
  };

  # Placed ahead of the rest of the zsh init so later snippets already see the
  # agent's SSH socket and tty.
  programs.zsh.initExtraFirst = lib.mkBefore ''
    export GPG_TTY=$(tty)

    # Magic copied from the gpg-agent manual
    unset SSH_AGENT_PID
    if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
        export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
    fi


    # Ensure that get gpg agent is started (necessary because ssh does not start it
    # automatically and has it's tty updated)
    gpg-connect-agent /bye
  '';
}