From 0a608bd781dcda40144097b007fac0a0c60a8ee1 Mon Sep 17 00:00:00 2001
From: Soispha
Date: Tue, 1 Aug 2023 15:31:42 +0200
Subject: Refactor(treewide): Move module configuration in separate files
---
home-manager/soispha/config/gpg/default.nix | 65 +++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 home-manager/soispha/config/gpg/default.nix
(limited to 'home-manager/soispha/config/gpg/default.nix')
diff --git a/home-manager/soispha/config/gpg/default.nix b/home-manager/soispha/config/gpg/default.nix
new file mode 100644
index 00000000..52069c94
--- /dev/null
+++ b/home-manager/soispha/config/gpg/default.nix
@@ -0,0 +1,65 @@
+{
+ config,
+ nixosConfig,
+ sysLib,
+ pkgs,
+ ...
+}: let
+ agent-program = sysLib.writeShellScriptWithLibrary {
+ name = "onlykey-gpg-agent";
+ src = ./agent-program;
+ dependencies = with pkgs; [
+ python3
+ onlykey-agent
+ ];
+ };
+ settings =
+ if nixosConfig.networking.hostName == "isimud"
+ then {}
+ else {
+ # Hardware-based GPG configuration
+ agent-program = "${agent-program}/bin/onlykey-gpg-agent";
+
+ default-key = "Soispha ";
+ # TODO add more
+ };
+ gpg-agent =
+ if nixosConfig.networking.hostName == "isimud"
+ then {
+ enable = true;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+ pinentryFlavor = "tty";
+ }
+ else {
+ enable = false;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+ pinentryFlavor = "tty";
+ };
+in {
+ programs.gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg/onlykey";
+ mutableKeys = false;
+ mutableTrust = false;
+ inherit settings;
+ publicKeys = [
+ {
+ source = ./keys/key_1;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_2;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_3;
+ trust = "full";
+ }
+ ];
+ };
+ services = {
+ inherit gpg-agent;
+ };
+}
-- cgit 1.4.1
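Review bot: The `publicKeys` list marks `./keys/key_1` and `./keys/key_2` as `trust = "ultimate"` with nothing in the file saying whose keys they are, so a reader cannot check that only the owner's own keys act as trust roots. Ultimate ownertrust makes every certification issued by those keys valid in this keyring, and with `mutableTrust = false` the value is, as home-manager documents it, re-applied from the repository on activation rather than adjusted locally, so whoever can change the files under `./keys` changes the trust roots. I would add a comment above each entry, e.g. `# key_1: <owner>, fingerprint <FINGERPRINT>, own key`, and lower any entry that is not the owner's own key to `trust = "full"`. Separately, the `nixosConfig.networking.hostName == "isimud"` test is written twice and the two `gpg-agent` branches differ only in `enable`; binding it once (`isIsimud = nixosConfig.networking.hostName == "isimud";`) would make it clearer that the OnlyKey `agent-program` and the stock agent are meant to be mutually exclusive.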