From fd9b0ecef4142a62b45404700ba1cff488f84a73 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Thu, 23 May 2024 13:31:11 +0200
Subject: refactor(modules/home): Setup as "normal" NixOS module
---
 modules/home/conf/gpg/default.nix | 67 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 modules/home/conf/gpg/default.nix
(limited to 'modules/home/conf/gpg/default.nix')
diff --git a/modules/home/conf/gpg/default.nix b/modules/home/conf/gpg/default.nix
new file mode 100644
index 00000000..1acdf628
--- /dev/null
+++ b/modules/home/conf/gpg/default.nix
@@ -0,0 +1,67 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ programs.gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg";
+ mutableKeys = true;
+ mutableTrust = true;
+
+ settings = {
+ default-key = "Benedikt Peetz ";
+ # TODO: add more
+ };
+
+ publicKeys = [
+ {
+ source = ./keys/key_1.asc;
+ trust = "ultimate";
+ }
+ {
+ source = ./keys/key_2.asc;
+ trust = "full";
+ }
+ ];
+ };
+ services = {
+ gpg-agent = {
+ enable = true;
+ enableZshIntegration = true;
+ enableScDaemon = true; # smartcards and such things
+
+ # Cache the key passwords
+ defaultCacheTtl = 60 * 50;
+ defaultCacheTtlSsh = 60 * 50;
+ maxCacheTtl = 60 * 50;
+ maxCacheTtlSsh = 60 * 50;
+
+ pinentryPackage = pkgs.pinentry-curses;
+ # pinentryPackage = pkgs.pinentry-tty;
+
+ enableSshSupport = true;
+ sshKeys = let
+ removeSpace = str: builtins.replaceStrings [" "] [""] str;
+ in [
+ (removeSpace "8321 ED3A 8DB9 99A5 1F3B F80F F268 2914 EA42 DE26")
+ ];
+ };
+ };
+
+ programs.zsh.initExtraFirst = lib.mkBefore ''
+ export GPG_TTY=$(tty)
+
+ # Magic copied from the gpg-agent manual
+ unset SSH_AGENT_PID
+ if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
+ export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+ fi
+
+
+ # Ensure that get gpg agent is started (necessary because ssh does not start it
+ # automatically and has it's tty updated)
+ gpg-connect-agent /bye
+ '';
+}
-- cgit 1.4.1
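Review bot: The `sshKeys` entry looks like a key fingerprint rather than a keygrip, which is what `services.gpg-agent.sshKeys` writes into gpg-agent's `sshcontrol` file; the four-character spaced grouping is how `gpg` prints fingerprints, while keygrips (`gpg --with-keygrip -K`) are printed as one unspaced 40-hex string, and the `removeSpace` helper suggests the value was pasted from fingerprint output. If it is the fingerprint, gpg-agent will never match it against a key and the SSH side of the agent will silently expose nothing, so I would verify the value and replace it with the authentication subkey's keygrip, dropping the helper: `sshKeys = [ "<keygrip of the auth subkey>" ];`. A smaller point: with `enableZshIntegration` and `enableSshSupport` both set, home-manager's gpg-agent module (if I recall correctly) already exports `SSH_AUTH_SOCK` from `gpgconf --list-dirs agent-ssh-socket` into the zsh init, so the hand-copied block in `initExtraFirst` is likely redundant and worth a comment stating why it is kept, e.g. `# kept so SSH_AUTH_SOCK is set before anything else in initExtraFirst runs`. The comment on `gpg-connect-agent /bye` also has two typos; I would write it as `# Ensure the gpg agent is started and has its tty updated (ssh does not start it automatically)`.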