# Home Manager module for GnuPG: picks a pinentry that matches the GTK
# setting, runs gpg-agent (also acting as the SSH agent), imports the
# user's public key, and exposes the agent sockets at a UID-independent path.
{ pkgs, config, username, ... }:
let
  # Pinentry selection: the GNOME pinentry (plus gcr, which it relies on)
  # when GTK is enabled, otherwise the terminal-only curses pinentry.
  # `name` is not referenced anywhere else in this file.
  pinentry =
    if config.gtk.enable then {
      packages = [ pkgs.pinentry-gnome3 pkgs.gcr ];
      name = "gnome3";
    } else {
      packages = [ pkgs.pinentry-curses ];
      name = "curses";
    };
in
{
  # Install the selected pinentry so it is available to gpg-agent.
  home.packages = pinentry.packages;
  # home.packages = [ pkgs.pinentry-curses ];

  services.gpg-agent = {
    #TODO: gnupg vs gpg-agent ?
    enable = true;
    # gpg-agent also serves as the SSH agent, so SSH keys live on the
    # GnuPG keyring (or a smartcard) instead of in ~/.ssh.
    enableSshSupport = true;
    # TODO: sshKeys = [ "149F16412997785363112F3DBD713BC91D51B831" ];
    # NOTE(review): always the curses pinentry here, even though `pinentry`
    # above installs the GNOME one when GTK is enabled — confirm this is
    # intentional (e.g. for SSH-only sessions) rather than a leftover.
    pinentryPackage = pkgs.pinentry-curses;
    # Also expose the restricted "extra" socket, the one meant to be
    # forwarded to remote hosts; it accepts only a limited command set, so
    # a compromised remote host cannot export or alter local keys through it.
    enableExtraSocket = true;
  };

  programs =
    let
      # Login hook shared by all shells below; see the comments there.
      fixGpg = ''
        gpgconf --launch gpg-agent
      '';
    in
    {
      # Start gpg-agent if it's not running or tunneled in
      # SSH does not start it automatically, so this is needed to avoid having to use a gpg command at startup
      # https://www.gnupg.org/faq/whats-new-in-2.1.html#autostart
      bash.profileExtra = fixGpg;
      fish.loginShellInit = fixGpg;
      zsh.loginExtra = fixGpg;

      gpg = {
        enable = true;
        settings = {
          # Trust-on-first-use combined with the classic web of trust.
          trust-model = "tofu+pgp";
        };
        # The user's own public key, imported with ultimate (level 5) trust;
        # level 5 is appropriate only for keys this user actually controls.
        publicKeys = [{
          source = ../users/${username}/pgp.asc;
          trust = 5;
        }];
      };
    };

  systemd.user.services = {
    # Link /run/user/$UID/gnupg to ~/.gnupg-sockets
    # So that SSH config does not have to know the UID
    link-gnupg-sockets = {
      Unit = {
        Description = "link gnupg sockets from /run to /home";
      };
      Service = {
        Type = "oneshot";
        # %U and %h are systemd specifiers for the UID and home directory.
        # -T treats the link name as a plain file, so an existing real
        # ~/.gnupg-sockets directory makes ln fail instead of nesting a link
        # inside it.
        ExecStart = "${pkgs.coreutils}/bin/ln -Tfs /run/user/%U/gnupg %h/.gnupg-sockets";
        # NOTE(review): relies on systemd's $HOME substitution where ExecStart
        # uses %h; `%h` would be consistent, and `rm -f` would keep the stop
        # action from failing when the link is already gone.
        ExecStop = "${pkgs.coreutils}/bin/rm $HOME/.gnupg-sockets";
        # Keep the unit "active" after ExecStart so ExecStop runs at stop.
        RemainAfterExit = true;
      };
      Install.WantedBy = [ "default.target" ];
    };
  };
}
# vim: filetype=nix