Diffstat (limited to 'hm/soispha/conf/gpg')
-rwxr-xr-xhm/soispha/conf/gpg/agent-program2
-rw-r--r--hm/soispha/conf/gpg/default.nix65
-rw-r--r--hm/soispha/conf/gpg/keys/key_1bin0 -> 754 bytes
-rw-r--r--hm/soispha/conf/gpg/keys/key_2bin0 -> 717 bytes
-rw-r--r--hm/soispha/conf/gpg/keys/key_3bin0 -> 51304 bytes
5 files changed, 67 insertions, 0 deletions
diff --git a/hm/soispha/conf/gpg/agent-program b/hm/soispha/conf/gpg/agent-program
new file mode 100755
index 00000000..e6917db0
--- /dev/null
+++ b/hm/soispha/conf/gpg/agent-program
@@ -0,0 +1,2 @@
+#!/bin/sh
+onlykey-gpg-agent -v --skey-slot=ECC32 --dkey-slot=ECC32 "$@"
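Review bot: The wrapper on the last line leaves `sh` in place as the parent of the agent, so a signal sent to the agent-program pid (for example when the gpg frontend shuts the agent down) reaches the shell rather than `onlykey-gpg-agent`; `exec onlykey-gpg-agent -v --skey-slot=ECC32 --dkey-slot=ECC32 "$@"` hands the pid to the agent directly. The hard-coded `-v` presumably enables verbose agent output permanently; if that includes per-operation detail it is worth making opt-in via `"$@"` instead of baking it into the hardware-key path. A one-line `# onlykey-gpg-agent wrapper: key material lives in the ECC32 slots of the OnlyKey` comment would also explain the slot choice to the next reader.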
diff --git a/hm/soispha/conf/gpg/default.nix b/hm/soispha/conf/gpg/default.nix
new file mode 100644
index 00000000..97334c8f
--- /dev/null
+++ b/hm/soispha/conf/gpg/default.nix
@@ -0,0 +1,65 @@
+{
+  config,
+  nixosConfig,
+  sysLib,
+  pkgs,
+  ...
+}: let
+  agent-program = sysLib.writeShellScriptWithLibrary {
+    name = "onlykey-gpg-agent";
+    src = ./agent-program;
+    dependencies = with pkgs; [
+      python3
+      onlykey-agent
+    ];
+  };
+  settings =
+    if nixosConfig.networking.hostName == "isimud"
+    then {}
+    else {
+      # Hardware-based GPG configuration
+      agent-program = "${agent-program}/bin/onlykey-gpg-agent";
+
+      default-key = "Soispha <soispha@vhack.eu>";
+      # TODO: add more
+    };
+  gpg-agent =
+    if nixosConfig.networking.hostName == "isimud"
+    then {
+      enable = true;
+      enableZshIntegration = true;
+      enableScDaemon = true; # smartcards and such things
+      pinentryFlavor = "tty";
+    }
+    else {
+      enable = false;
+      enableZshIntegration = true;
+      enableScDaemon = true; # smartcards and such things
+      pinentryFlavor = "tty";
+    };
+in {
+  programs.gpg = {
+    enable = true;
+    homedir = "${config.xdg.dataHome}/gnupg/onlykey";
+    mutableKeys = false;
+    mutableTrust = false;
+    inherit settings;
+    publicKeys = [
+      {
+        source = ./keys/key_1;
+        trust = "ultimate";
+      }
+      {
+        source = ./keys/key_2;
+        trust = "ultimate";
+      }
+      {
+        source = ./keys/key_3;
+        trust = "full";
+      }
+    ];
+  };
+  services = {
+    inherit gpg-agent;
+  };
+}
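Review bot: `default-key` is given as a user ID string (`"Soispha <soispha@vhack.eu>"`), which gpg resolves by substring match against all keys in the keyring; with three imported public keys that selection can be ambiguous, and gpg's own documentation recommends a fingerprint here, e.g. `default-key = "<FINGERPRINT_OF_KEY_1 -- fill in>";`. As a point of style, the hostname comparison is repeated in both `settings` and `gpg-agent`, and the `gpg-agent` branches differ only in `enable`, so a single `isIsimud` binding removes the duplication and keeps the two attribute sets from drifting apart; the same binding can drive the `settings` conditional. The `mutableKeys = false` / `mutableTrust = false` pair is a good choice since it pins the trust levels declared in `publicKeys`.

```nix
  isIsimud = nixosConfig.networking.hostName == "isimud";
  # … unchanged: agent-program and settings (use isIsimud in the settings condition) …
  gpg-agent = {
    enable = isIsimud;
    enableZshIntegration = true;
    enableScDaemon = true; # smartcards and such things
    pinentryFlavor = "tty";
  };
```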
diff --git a/hm/soispha/conf/gpg/keys/key_1 b/hm/soispha/conf/gpg/keys/key_1
new file mode 100644
index 00000000..b10b8b6c
--- /dev/null
+++ b/hm/soispha/conf/gpg/keys/key_1
Binary files differ
diff --git a/hm/soispha/conf/gpg/keys/key_2 b/hm/soispha/conf/gpg/keys/key_2
new file mode 100644
index 00000000..0b06cf3b
--- /dev/null
+++ b/hm/soispha/conf/gpg/keys/key_2
Binary files differ
diff --git a/hm/soispha/conf/gpg/keys/key_3 b/hm/soispha/conf/gpg/keys/key_3
new file mode 100644
index 00000000..22ffb931
--- /dev/null
+++ b/hm/soispha/conf/gpg/keys/key_3
Binary files differ