author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-05-12 16:57:04 +0200 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-05-12 16:57:04 +0200 |
commit | 02d3a05d5ff40f5528bb908cea3947a45df389ca (patch) | |
tree | f5a1ea08f1d2b87d66b47a7044679cdbfb8cda68 /hm/soispha/conf/gpg | |
parent | style(hm/wms/river/init): Accept shfmt's format :( (diff) | |
feat(hm/conf/gpg): Use my gpg key as an ssh key
Diffstat (limited to 'hm/soispha/conf/gpg')
-rw-r--r-- | hm/soispha/conf/gpg/default.nix | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/hm/soispha/conf/gpg/default.nix b/hm/soispha/conf/gpg/default.nix
index 53255b9f..2f644422 100644
--- a/hm/soispha/conf/gpg/default.nix
+++ b/hm/soispha/conf/gpg/default.nix
@@ -1,6 +1,7 @@
 {
 config,
 pkgs,
+ lib,
 ...
 }: {
 programs.gpg = {
@@ -30,7 +31,37 @@
 enable = true;
 enableZshIntegration = true;
 enableScDaemon = true; # smartcards and such things
- pinentryPackage = pkgs.pinentry-tty;
+
+ # Cache the key passwords
+ defaultCacheTtl = 60 * 50;
+ defaultCacheTtlSsh = 60 * 50;
+ maxCacheTtl = 60 * 50;
+ maxCacheTtlSsh = 60 * 50;
+
+ pinentryPackage = pkgs.pinentry-curses;
+ # pinentryPackage = pkgs.pinentry-tty;
+
+ enableSshSupport = true;
+ sshKeys = let
+ removeSpace = str: builtins.replaceStrings [" "] [""] str;
+ in [
+ (removeSpace "8321 ED3A 8DB9 99A5 1F3B F80F F268 2914 EA42 DE26")
+ ];
 };
 };
+
+ programs.zsh.initExtraFirst = lib.mkBefore ''
+ export GPG_TTY=$(tty)
+
+ # Magic copied from the gpg-agent manual
+ unset SSH_AGENT_PID
+ if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
+ export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+ fi
+
+
+ # Ensure that get gpg agent is started (necessary because ssh does not start it
+ # automatically)
+ gpg-connect-agent /bye
+ '';
 } |
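Review bot: The entry added to `sshKeys` in the second hunk is grouped in blocks of four, the way `gpg --fingerprint` prints a fingerprint, whereas gpg-agent selects SSH keys by keygrip, so this value may not match any key. Both are 40 hex digits, so the mix-up is easy to miss; it is worth checking against `gpg --list-keys --with-keygrip` and adding a comment such as `# keygrip of the authentication key, not the key fingerprint`. Separately, with `enableSshSupport = true` the four TTLs of `60 * 50` leave an unlocked key usable for SSH authentication, without a further prompt, by any process that can reach the agent socket for 50 minutes. Setting `defaultCacheTtlSsh` and `maxCacheTtlSsh` lower than the GPG values would narrow that window. The attribute set these options belong to opens above the hunk, so how they interact with the rest of the agent configuration is not visible here.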