{ config, nixosConfig, sysLib, pkgs, ... }: let agent-program = sysLib.writeShellScript { name = "onlykey-gpg-agent"; src = ./agent-program.sh; dependencies = with pkgs; [ python3 onlykey-agent ]; }; settings = if nixosConfig.networking.hostName == "isimud" then {} else { # Hardware-based GPG configuration agent-program = "${agent-program}/bin/onlykey-gpg-agent"; default-key = "Soispha "; # TODO: add more }; gpg-agent = { enable = nixosConfig.networking.hostName == "isimud"; enableZshIntegration = true; enableScDaemon = true; # smartcards and such things pinentryPackage = pkgs.pinentry-tty; }; in { programs.gpg = { enable = true; homedir = "${config.xdg.dataHome}/gnupg/onlykey"; mutableKeys = false; mutableTrust = false; inherit settings; publicKeys = [ { source = ./keys/key_1; trust = "ultimate"; } { source = ./keys/key_2; trust = "ultimate"; } { source = ./keys/key_3; trust = "full"; } { source = ./keys/key_4; trust = "full"; } ]; }; services = { inherit gpg-agent; }; }