Diffstat (limited to 'modules/home/soispha/conf/gpg/default.nix')
-rw-r--r--modules/home/soispha/conf/gpg/default.nix67
1 files changed, 67 insertions, 0 deletions
diff --git a/modules/home/soispha/conf/gpg/default.nix b/modules/home/soispha/conf/gpg/default.nix
new file mode 100644
index 00000000..2f644422
--- /dev/null
+++ b/modules/home/soispha/conf/gpg/default.nix
@@ -0,0 +1,67 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  programs.gpg = {
+    enable = true;
+    homedir = "${config.xdg.dataHome}/gnupg";
+    mutableKeys = true;
+    mutableTrust = true;
+
+    settings = {
+      default-key = "Benedikt Peetz <benedikt.peetz@b-peetz.de>";
+      # TODO: add more
+    };
+
+    publicKeys = [
+      {
+        source = ./keys/key_1.asc;
+        trust = "ultimate";
+      }
+      {
+        source = ./keys/key_2.asc;
+        trust = "full";
+      }
+    ];
+  };
+  services = {
+    gpg-agent = {
+      enable = true;
+      enableZshIntegration = true;
+      enableScDaemon = true; # smartcards and such things
+
+      # Cache the key passwords
+      defaultCacheTtl = 60 * 50;
+      defaultCacheTtlSsh = 60 * 50;
+      maxCacheTtl = 60 * 50;
+      maxCacheTtlSsh = 60 * 50;
+
+      pinentryPackage = pkgs.pinentry-curses;
+      # pinentryPackage = pkgs.pinentry-tty;
+
+      enableSshSupport = true;
+      sshKeys = let
+        removeSpace = str: builtins.replaceStrings [" "] [""] str;
+      in [
+        (removeSpace "8321 ED3A 8DB9 99A5 1F3B  F80F F268 2914 EA42 DE26")
+      ];
+    };
+  };
+
+  programs.zsh.initExtraFirst = lib.mkBefore ''
+    export GPG_TTY=$(tty)
+
+    # Magic copied from the gpg-agent manual
+    unset SSH_AGENT_PID
+    if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
+        export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+    fi
+
+
+    # Ensure that get gpg agent is started (necessary because ssh does not start it
+    # automatically)
+    gpg-connect-agent /bye
+  '';
+}
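Review bot: The value handed to `sshKeys` via the removeSpace call is formatted the way gpg prints a key fingerprint (ten 4-hex-char groups with a double space in the middle), whereas the option populates gpg-agent's sshcontrol file, which identifies keys by keygrip; if this really is a fingerprint, the key would silently never be offered to SSH. Confirm the value against the keygrip shown by `gpg --with-keygrip -K` and, if they differ, substitute the keygrip; a comment above the list such as `# keygrips (not fingerprints), from: gpg --with-keygrip -K` would keep the two formats from being confused later. Separately, `default-key` is set to a user ID string, which gpg resolves to whichever key matches that UID; pinning it to the key's fingerprint instead makes the selection unambiguous if a second key ever carries the same name and address. The `Cache the key passwords` comment would also read better stating the effective value, e.g. `# Cache the key passphrases for 50 minutes (3000 s); max TTL is the same, so no renewal beyond that`.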