Diffstat (limited to '')
-rw-r--r-- | modules/by-name/gp/gpg/keys/key_1.asc (renamed from modules/home.legacy/conf/gpg/keys/key_1.asc) | 10 | ||||
-rw-r--r-- | modules/by-name/gp/gpg/keys/key_2.asc (renamed from modules/home.legacy/conf/gpg/keys/key_2.asc) | 10 | ||||
-rw-r--r-- | modules/by-name/gp/gpg/module.nix | 90 |
3 files changed, 110 insertions, 0 deletions
diff --git a/modules/home.legacy/conf/gpg/keys/key_1.asc b/modules/by-name/gp/gpg/keys/key_1.asc
index 795f82af..f29184d8 100644
--- a/modules/home.legacy/conf/gpg/keys/key_1.asc
+++ b/modules/by-name/gp/gpg/keys/key_1.asc
@@ -1,3 +1,13 @@
+// nixos-config - My current NixOS configuration
+//
+// Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+// SPDX-License-Identifier: GPL-3.0-or-later
+//
+// This file is part of my nixos-config.
+//
+// You should have received a copy of the License along with this program.
+// If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
+
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Comment: 8321 ED3A 8DB9 99A5 1F3B F80F F268 2914 EA42 DE26
 Comment: Benedikt Peetz <benedikt.peetz@b-peetz.de>
diff --git a/modules/home.legacy/conf/gpg/keys/key_2.asc b/modules/by-name/gp/gpg/keys/key_2.asc
index 47188da7..7433a3f2 100644
--- a/modules/home.legacy/conf/gpg/keys/key_2.asc
+++ b/modules/by-name/gp/gpg/keys/key_2.asc
@@ -1,3 +1,13 @@
+// nixos-config - My current NixOS configuration
+//
+// Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+// SPDX-License-Identifier: GPL-3.0-or-later
+//
+// This file is part of my nixos-config.
+//
+// You should have received a copy of the License along with this program.
+// If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
+
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Comment: 2FEA 7BDB 9171 70A7 B8E7 2001 DF18 78E6 D9C3 B27F
 Comment: Silas <sils@sils.li>
diff --git a/modules/by-name/gp/gpg/module.nix b/modules/by-name/gp/gpg/module.nix
new file mode 100644
index 00000000..89d7b356
--- /dev/null
+++ b/modules/by-name/gp/gpg/module.nix
@@ -0,0 +1,90 @@
+# nixos-config - My current NixOS configuration
+#
+# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This file is part of my nixos-config.
+#
+# You should have received a copy of the License along with this program.
+# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
+# TODO: Migrate to squoia-sq <2025-04-25>
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.soispha.programs.gpg;
+ homeConfig = config.home-manager.users.soispha;
+in {
+ options.soispha.programs.gpg = {
+ enable = lib.mkEnableOption "gpg";
+ };
+
+ config = lib.mkIf cfg.enable {
+ home-manager.users.soispha = {
+ programs.gpg = {
+ enable = true;
+ homedir = "${homeConfig.xdg.dataHome}/gnupg";
+ mutableKeys = true;
+ mutableTrust = true;
+
+ settings = {
+ default-key = "Benedikt Peetz <benedikt.peetz@b-peetz.de>";
+ # TODO: add more
+ };
+
+ publicKeys = [
+ {
+ source = ./keys/key_1.asc;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_2.asc;
+ trust = "full";
+ }
+ ];
+ };
+ services = {
+ gpg-agent = {
+ enable = true;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+
+ # Cache the key passwords
+ defaultCacheTtl = 60 * 50;
+ defaultCacheTtlSsh = 60 * 50;
+ maxCacheTtl = 60 * 50;
+ maxCacheTtlSsh = 60 * 50;
+
+ pinentry = {
+ package = pkgs.pinentry-curses;
+ # package = pkgs.pinentry-tty;
+ };
+
+ enableSshSupport = true;
+ sshKeys = let
+ removeSpace = str: builtins.replaceStrings [" "] [""] str;
+ in [
+ (removeSpace "8321 ED3A 8DB9 99A5 1F3B F80F F268 2914 EA42 DE26")
+ ];
+ };
+ };
+ };
+
+ soispha.programs.zsh.integrations.gpg = ''
+ export GPG_TTY=$(tty)
+
+ # Magic copied from the gpg-agent manual
+ unset SSH_AGENT_PID
+ if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
+ export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+ fi
+
+
+ # Ensure that get gpg agent is started (necessary because ssh does not start it
+ # automatically and has it's tty updated)
+ gpg-connect-agent /bye
+ '';
+ };
+}
 |
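Review bot: The last command of the zsh integration, `gpg-connect-agent /bye`, starts the agent but does not update its tty, although the comment above it says it does. With `pkgs.pinentry-curses` and `enableSshSupport = true`, an ssh-triggered passphrase prompt is drawn on the terminal the agent recorded at startup, which may not be the shell that ran ssh. The form given in the gpg-agent manual is `gpg-connect-agent updatestartuptty /bye >/dev/null`. `enableZshIntegration = true` may already emit part of this setup, so check the generated zshrc for duplication before keeping both. Separately, the `# Cache the key passwords` comment could state the effective value, e.g. `# 50 minutes; max equals default, so reuse never extends the cache past 50 minutes`.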