From 0a608bd781dcda40144097b007fac0a0c60a8ee1 Mon Sep 17 00:00:00 2001
From: Soispha
Date: Tue, 1 Aug 2023 15:31:42 +0200
Subject: Refactor(treewide): Move module configuration in separate files
---
 home-manager/soispha/config/gpg/agent-program | 2 +
 home-manager/soispha/config/gpg/default.nix | 65 ++++++++++++++++++++++++++
 home-manager/soispha/config/gpg/keys/key_1 | Bin 0 -> 754 bytes
 home-manager/soispha/config/gpg/keys/key_2 | Bin 0 -> 717 bytes
 home-manager/soispha/config/gpg/keys/key_3 | Bin 0 -> 51304 bytes
 5 files changed, 67 insertions(+)
 create mode 100755 home-manager/soispha/config/gpg/agent-program
 create mode 100644 home-manager/soispha/config/gpg/default.nix
 create mode 100644 home-manager/soispha/config/gpg/keys/key_1
 create mode 100644 home-manager/soispha/config/gpg/keys/key_2
 create mode 100644 home-manager/soispha/config/gpg/keys/key_3
(limited to 'home-manager/soispha/config/gpg')
diff --git a/home-manager/soispha/config/gpg/agent-program b/home-manager/soispha/config/gpg/agent-program
new file mode 100755
index 00000000..e6917db0
--- /dev/null
+++ b/home-manager/soispha/config/gpg/agent-program
@@ -0,0 +1,2 @@
+#!/bin/sh
+onlykey-gpg-agent -v --skey-slot=ECC32 --dkey-slot=ECC32 "$@"
diff --git a/home-manager/soispha/config/gpg/default.nix b/home-manager/soispha/config/gpg/default.nix
new file mode 100644
index 00000000..52069c94
--- /dev/null
+++ b/home-manager/soispha/config/gpg/default.nix
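Review bot: The wrapper on the last line of the hunk starts `onlykey-gpg-agent` as a child of the `/bin/sh` process instead of replacing it, so the agent's parent is the shell and any signal gpg or the service manager sends reaches the shell first; `exec onlykey-gpg-agent -v --skey-slot=ECC32 --dkey-slot=ECC32 "$@"` hands the process over directly. The slot ids are otherwise unexplained, so a comment above that line such as `# OnlyKey slot ECC32 holds both the signing (skey) and decryption (dkey) key` would document the hardware assumption the script bakes in. `-v` presumably enables verbose agent output; if it is intentional rather than a debugging leftover, that is worth a word in the same comment.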
@@ -0,0 +1,65 @@
+{
+ config,
+ nixosConfig,
+ sysLib,
+ pkgs,
+ ...
+}: let
+ agent-program = sysLib.writeShellScriptWithLibrary {
+ name = "onlykey-gpg-agent";
+ src = ./agent-program;
+ dependencies = with pkgs; [
+ python3
+ onlykey-agent
+ ];
+ };
+ settings =
+ if nixosConfig.networking.hostName == "isimud"
+ then {}
+ else {
+ # Hardware-based GPG configuration
+ agent-program = "${agent-program}/bin/onlykey-gpg-agent";
+
+ default-key = "Soispha ";
+ # TODO add more
+ };
+ gpg-agent =
+ if nixosConfig.networking.hostName == "isimud"
+ then {
+ enable = true;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+ pinentryFlavor = "tty";
+ }
+ else {
+ enable = false;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+ pinentryFlavor = "tty";
+ };
+in {
+ programs.gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg/onlykey";
+ mutableKeys = false;
+ mutableTrust = false;
+ inherit settings;
+ publicKeys = [
+ {
+ source = ./keys/key_1;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_2;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_3;
+ trust = "full";
+ }
+ ];
+ };
+ services = {
+ inherit gpg-agent;
+ };
+}
diff --git a/home-manager/soispha/config/gpg/keys/key_1 b/home-manager/soispha/config/gpg/keys/key_1
new file mode 100644
index 00000000..b10b8b6c
Binary files /dev/null and b/home-manager/soispha/config/gpg/keys/key_1 differ
diff --git a/home-manager/soispha/config/gpg/keys/key_2 b/home-manager/soispha/config/gpg/keys/key_2
new file mode 100644
index 00000000..0b06cf3b
Binary files /dev/null and b/home-manager/soispha/config/gpg/keys/key_2 differ
diff --git a/home-manager/soispha/config/gpg/keys/key_3 b/home-manager/soispha/config/gpg/keys/key_3
new file mode 100644
index 00000000..22ffb931
Binary files /dev/null and b/home-manager/soispha/config/gpg/keys/key_3 differ
--
cgit 1.4.1
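Review bot: `default-key = "Soispha ";` in the `settings` branch selects the key by user-id substring rather than by fingerprint, so if more than one of the three imported keys carries that name gpg picks one by its own heuristics; the value as rendered here may have lost an address or key id, but either way the unambiguous form is the full fingerprint, e.g. `default-key = "<FINGERPRINT>";` (placeholder). `trust = "ultimate"` on key_1 and key_2 makes every certification those keys issue fully trusted, which is only appropriate for keys the user controls (presumably the ones whose secret half lives on the OnlyKey); a one-line comment above `publicKeys`, `# ultimate: own keys, secret material on the OnlyKey; full: trusted certifier`, would record that intent for the next reader. The files under `keys/` are committed as binary blobs, so later changes to what receives ultimate trust will not be reviewable in a diff, whereas ASCII-armored exports would be. Stylistically, `nixosConfig.networking.hostName == "isimud"` is evaluated twice and the two `gpg-agent` branches differ only in `enable`; a single attrset with `enable = nixosConfig.networking.hostName == "isimud";` removes the four duplicated lines.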