{ config, nixosConfig, sysLib, pkgs, ... }: let agent-program = sysLib.writeShellScriptWithLibrary { name = "onlykey-gpg-agent"; src = ./agent-program; dependencies = with pkgs; [ python3 onlykey-agent ]; }; settings = if nixosConfig.networking.hostName == "isimud" then {} else { # Hardware-based GPG configuration agent-program = "${agent-program}/bin/onlykey-gpg-agent"; default-key = "Soispha <soispha@vhack.eu>"; # TODO: add more }; gpg-agent = if nixosConfig.networking.hostName == "isimud" then { enable = true; enableZshIntegration = true; enableScDaemon = true; # smartcards and such things pinentryFlavor = "tty"; } else { enable = false; enableZshIntegration = true; enableScDaemon = true; # smartcards and such things pinentryFlavor = "tty"; }; in { programs.gpg = { enable = true; homedir = "${config.xdg.dataHome}/gnupg/onlykey"; mutableKeys = false; mutableTrust = false; inherit settings; publicKeys = [ { source = ./keys/key_1; trust = "ultimate"; } { source = ./keys/key_2; trust = "ultimate"; } { source = ./keys/key_3; trust = "full"; } { source = ./keys/key_4; trust = "full"; } ]; }; services = { inherit gpg-agent; }; }