-rw-r--r--hm/soispha/conf/gpg/default.nix33
-rw-r--r--hm/soispha/conf/ssh/default.nix1
-rw-r--r--hm/soispha/conf/zsh/default.nix4
3 files changed, 34 insertions, 4 deletions
diff --git a/hm/soispha/conf/gpg/default.nix b/hm/soispha/conf/gpg/default.nix
index 53255b9f..2f644422 100644
--- a/hm/soispha/conf/gpg/default.nix
+++ b/hm/soispha/conf/gpg/default.nix
@@ -1,6 +1,7 @@
{
config,
pkgs,
+ lib,
...
}: {
programs.gpg = {
@@ -30,7 +31,37 @@
enable = true;
enableZshIntegration = true;
enableScDaemon = true; # smartcards and such things
- pinentryPackage = pkgs.pinentry-tty;
+
+ # Cache the key passwords
+ defaultCacheTtl = 60 * 50;
+ defaultCacheTtlSsh = 60 * 50;
+ maxCacheTtl = 60 * 50;
+ maxCacheTtlSsh = 60 * 50;
+
+ pinentryPackage = pkgs.pinentry-curses;
+ # pinentryPackage = pkgs.pinentry-tty;
+
+ enableSshSupport = true;
+ sshKeys = let
+ removeSpace = str: builtins.replaceStrings [" "] [""] str;
+ in [
+ (removeSpace "8321 ED3A 8DB9 99A5 1F3B F80F F268 2914 EA42 DE26")
+ ];
};
};
+
+ programs.zsh.initExtraFirst = lib.mkBefore ''
+ export GPG_TTY=$(tty)
+
+ # Magic copied from the gpg-agent manual
+ unset SSH_AGENT_PID
+ if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
+ export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+ fi
+
+
+ # Ensure that get gpg agent is started (necessary because ssh does not start it
+ # automatically)
+ gpg-connect-agent /bye
+ '';
}
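Review bot: The four TTL options under `# Cache the key passwords` all evaluate to 3000 seconds, so once a passphrase is entered the key, including the SSH key exposed by `enableSshSupport = true`, stays usable through the agent socket for 50 minutes without another prompt; if that window is intended, say so in the comment, e.g. `# Cache key passphrases for 50 minutes (values are in seconds)`, and consider a shorter `defaultCacheTtlSsh`/`maxCacheTtlSsh`. The `sshKeys` entry is spaced like `gpg --fingerprint` output, but the option is written to `sshcontrol`, which expects keygrips (`gpg --list-keys --with-keygrip`), so it is worth confirming that the value is a keygrip and not a fingerprint. In the zsh snippet, `gpg-connect-agent /bye` starts the agent but does not tell it about the current terminal, so with `pinentry-curses` the prompt for an SSH key may appear on the tty where the agent was first started; the gpg-agent manual's form is `gpg-connect-agent updatestartuptty /bye >/dev/null`. The attribute set these options belong to (presumably `services.gpg-agent`) opens outside the hunk.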
diff --git a/hm/soispha/conf/ssh/default.nix b/hm/soispha/conf/ssh/default.nix
index 1359e4ab..fcce32fd 100644
--- a/hm/soispha/conf/ssh/default.nix
+++ b/hm/soispha/conf/ssh/default.nix
@@ -5,6 +5,7 @@
hashKnownHosts = false;
serverAliveInterval = 240;
userKnownHostsFile = "${config.xdg.dataHome}/ssh/known_hosts";
+
matchBlocks = {
"codeberg.org" = {
# TODO:: Remove this once they fix their ipv6 config
diff --git a/hm/soispha/conf/zsh/default.nix b/hm/soispha/conf/zsh/default.nix
index 1e71f0d5..1bfae07b 100644
--- a/hm/soispha/conf/zsh/default.nix
+++ b/hm/soispha/conf/zsh/default.nix
@@ -39,9 +39,7 @@
};
loginExtra =
- ''
- eval $(ssh-agent -s) > /dev/null # start ssh agent
- ''
+ ""
+ lib.concatStringsSep "\nsetopt " [
"setopt AUTO_CD" # This is needed as first item
"AUTO_PUSHD"