Diffstat (limited to 'hm/soispha/conf/gpg/default.nix')
-rw-r--r-- | hm/soispha/conf/gpg/default.nix | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/hm/soispha/conf/gpg/default.nix b/hm/soispha/conf/gpg/default.nix
new file mode 100644
index 00000000..97334c8f
--- /dev/null
+++ b/hm/soispha/conf/gpg/default.nix
@@ -0,0 +1,65 @@
+{
+ config,
+ nixosConfig,
+ sysLib,
+ pkgs,
+ ...
+}: let
+ agent-program = sysLib.writeShellScriptWithLibrary {
+ name = "onlykey-gpg-agent";
+ src = ./agent-program;
+ dependencies = with pkgs; [
+ python3
+ onlykey-agent
+ ];
+ };
+ settings =
+ if nixosConfig.networking.hostName == "isimud"
+ then {}
+ else {
+ # Hardware-based GPG configuration
+ agent-program = "${agent-program}/bin/onlykey-gpg-agent";
+
+ default-key = "Soispha <soispha@vhack.eu>";
+ # TODO: add more
+ };
+ gpg-agent =
+ if nixosConfig.networking.hostName == "isimud"
+ then {
+ enable = true;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+ pinentryFlavor = "tty";
+ }
+ else {
+ enable = false;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+ pinentryFlavor = "tty";
+ };
+in {
+ programs.gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg/onlykey";
+ mutableKeys = false;
+ mutableTrust = false;
+ inherit settings;
+ publicKeys = [
+ {
+ source = ./keys/key_1;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_2;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_3;
+ trust = "full";
+ }
+ ];
+ };
+ services = {
+ inherit gpg-agent;
+ };
+}
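Review bot: `default-key` in the non-isimud `settings` branch selects the signing key by user ID (`"Soispha <soispha@vhack.eu>"`), which is ambiguous in a keyring that imports three keys, two of them at ultimate trust: if more than one key carries that user ID, gpg picks whichever matches first, so the key actually used to sign is not pinned by this file. Pinning it by fingerprint removes the ambiguity and matches the immutable-keyring intent of `mutableKeys = false; mutableTrust = false;`, e.g. `default-key = "<FINGERPRINT-OF-SIGNING-KEY>";` (placeholder; take the value from the key in ./keys that is meant to sign). Separately, the two `gpg-agent` branches differ only in `enable`, so the conditional can collapse to a single attribute set with `enable = nixosConfig.networking.hostName == "isimud";` and the other three attributes written once; the same `hostName == "isimud"` test is repeated in `settings`, and a `let`-bound `isIsimud` would keep both sites in step. The `# Hardware-based GPG configuration` comment would be more useful as `# Non-isimud hosts use the OnlyKey agent instead of gpg-agent (see services.gpg-agent below)`, since that cross-dependency is the reason `enable = false` is correct in the else branch.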