authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-04-25 13:01:20 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-04-25 13:01:40 +0200
commita3771f5d67d5aabb630a3947e08bbadf1a2a09f7 (patch)
tree81b102c4573e5240cfc779edcab21687a96be0b8 /modules
parentupdate.sh: Don't run `nix flake check` (diff)
modules/legacy/gpg: Migrate to by-name
Diffstat (limited to 'modules')
-rw-r--r--modules/by-name/gp/gpg/keys/key_1.asc (renamed from modules/home.legacy/conf/gpg/keys/key_1.asc)0
-rw-r--r--modules/by-name/gp/gpg/keys/key_2.asc (renamed from modules/home.legacy/conf/gpg/keys/key_2.asc)0
-rw-r--r--modules/by-name/gp/gpg/module.nix79
-rw-r--r--modules/common/default.nix1
-rw-r--r--modules/home.legacy/conf/default.nix1
-rw-r--r--modules/home.legacy/conf/gpg/default.nix67
6 files changed, 80 insertions, 68 deletions
diff --git a/modules/home.legacy/conf/gpg/keys/key_1.asc b/modules/by-name/gp/gpg/keys/key_1.asc
index 795f82af..795f82af 100644
--- a/modules/home.legacy/conf/gpg/keys/key_1.asc
+++ b/modules/by-name/gp/gpg/keys/key_1.asc
diff --git a/modules/home.legacy/conf/gpg/keys/key_2.asc b/modules/by-name/gp/gpg/keys/key_2.asc
index 47188da7..47188da7 100644
--- a/modules/home.legacy/conf/gpg/keys/key_2.asc
+++ b/modules/by-name/gp/gpg/keys/key_2.asc
diff --git a/modules/by-name/gp/gpg/module.nix b/modules/by-name/gp/gpg/module.nix
new file mode 100644
index 00000000..3cfddf1e
--- /dev/null
+++ b/modules/by-name/gp/gpg/module.nix
@@ -0,0 +1,79 @@
+# TODO: Migrate to squoia-sq <2025-04-25>
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.soispha.programs.gpg;
+ homeConfig = config.home-manager.users.soispha;
+in {
+ options.soispha.programs.gpg = {
+ enable = lib.mkEnableOption "gpg";
+ };
+
+ config = lib.mkIf cfg.enable {
+ home-manager.users.soispha = {
+ programs.gpg = {
+ enable = true;
+ homedir = "${homeConfig.xdg.dataHome}/gnupg";
+ mutableKeys = true;
+ mutableTrust = true;
+
+ settings = {
+ default-key = "Benedikt Peetz <benedikt.peetz@b-peetz.de>";
+ # TODO: add more
+ };
+
+ publicKeys = [
+ {
+ source = ./keys/key_1.asc;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_2.asc;
+ trust = "full";
+ }
+ ];
+ };
+ services = {
+ gpg-agent = {
+ enable = true;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+
+ # Cache the key passwords
+ defaultCacheTtl = 60 * 50;
+ defaultCacheTtlSsh = 60 * 50;
+ maxCacheTtl = 60 * 50;
+ maxCacheTtlSsh = 60 * 50;
+
+ pinentryPackage = pkgs.pinentry-curses;
+ # pinentryPackage = pkgs.pinentry-tty;
+
+ enableSshSupport = true;
+ sshKeys = let
+ removeSpace = str: builtins.replaceStrings [" "] [""] str;
+ in [
+ (removeSpace "8321 ED3A 8DB9 99A5 1F3B F80F F268 2914 EA42 DE26")
+ ];
+ };
+ };
+ };
+
+ soispha.programs.zsh.integrations.gpg = ''
+ export GPG_TTY=$(tty)
+
+ # Magic copied from the gpg-agent manual
+ unset SSH_AGENT_PID
+ if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
+ export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+ fi
+
+
+ # Ensure that get gpg agent is started (necessary because ssh does not start it
+ # automatically and has it's tty updated)
+ gpg-connect-agent /bye
+ '';
+ };
+}
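Review bot: The comment closing the zsh snippet says the agent "has it's tty updated", but `gpg-connect-agent /bye` only starts the agent and never sends `updatestartuptty`. With `enableSshSupport = true` and `pinentry-curses`, an SSH-triggered passphrase prompt can therefore appear on the terminal the agent was first started from rather than the one running ssh. If updating the tty is the intent, the line should read `gpg-connect-agent updatestartuptty /bye >/dev/null`. home-manager's `enableZshIntegration = true` may already emit an equivalent line, in which case this block is redundant and the comment should say so. The old file placed the snippet with `programs.zsh.initExtraFirst = lib.mkBefore`; whether `soispha.programs.zsh.integrations.gpg` keeps that early placement is defined outside this diff and is worth confirming.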
diff --git a/modules/common/default.nix b/modules/common/default.nix
index 1c00c710..4e8210b9 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -112,6 +112,7 @@
imv.enable = true;
less.enable = true;
lf.enable = true;
+ gpg.enable = true;
river = {
enable = true;
init = {
diff --git a/modules/home.legacy/conf/default.nix b/modules/home.legacy/conf/default.nix
index 767039c6..b2688a1c 100644
--- a/modules/home.legacy/conf/default.nix
+++ b/modules/home.legacy/conf/default.nix
@@ -5,7 +5,6 @@
./btop
./dconf
./gammastep
- ./gpg
./gtk
./himalaya
./hyfetch
diff --git a/modules/home.legacy/conf/gpg/default.nix b/modules/home.legacy/conf/gpg/default.nix
deleted file mode 100644
index 1acdf628..00000000
--- a/modules/home.legacy/conf/gpg/default.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: {
- programs.gpg = {
- enable = true;
- homedir = "${config.xdg.dataHome}/gnupg";
- mutableKeys = true;
- mutableTrust = true;
-
- settings = {
- default-key = "Benedikt Peetz <benedikt.peetz@b-peetz.de>";
- # TODO: add more
- };
-
- publicKeys = [
- {
- source = ./keys/key_1.asc;
- trust = "ultimate";
- }
- {
- source = ./keys/key_2.asc;
- trust = "full";
- }
- ];
- };
- services = {
- gpg-agent = {
- enable = true;
- enableZshIntegration = true;
- enableScDaemon = true; # smartcards and such things
-
- # Cache the key passwords
- defaultCacheTtl = 60 * 50;
- defaultCacheTtlSsh = 60 * 50;
- maxCacheTtl = 60 * 50;
- maxCacheTtlSsh = 60 * 50;
-
- pinentryPackage = pkgs.pinentry-curses;
- # pinentryPackage = pkgs.pinentry-tty;
-
- enableSshSupport = true;
- sshKeys = let
- removeSpace = str: builtins.replaceStrings [" "] [""] str;
- in [
- (removeSpace "8321 ED3A 8DB9 99A5 1F3B F80F F268 2914 EA42 DE26")
- ];
- };
- };
-
- programs.zsh.initExtraFirst = lib.mkBefore ''
- export GPG_TTY=$(tty)
-
- # Magic copied from the gpg-agent manual
- unset SSH_AGENT_PID
- if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
- export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
- fi
-
-
- # Ensure that get gpg agent is started (necessary because ssh does not start it
- # automatically and has it's tty updated)
- gpg-connect-agent /bye
- '';
-}