authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-05-12 16:57:04 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-05-12 16:57:04 +0200
commit02d3a05d5ff40f5528bb908cea3947a45df389ca (patch)
treef5a1ea08f1d2b87d66b47a7044679cdbfb8cda68
parentstyle(hm/wms/river/init): Accept shfmt's format :( (diff)
downloadnixos-config-02d3a05d5ff40f5528bb908cea3947a45df389ca.tar.gz
nixos-config-02d3a05d5ff40f5528bb908cea3947a45df389ca.zip
feat(hm/conf/gpg): Use my gpg key as an ssh key
-rw-r--r--hm/soispha/conf/gpg/default.nix33
-rw-r--r--hm/soispha/conf/ssh/default.nix1
-rw-r--r--hm/soispha/conf/zsh/default.nix4
3 files changed, 34 insertions, 4 deletions
diff --git a/hm/soispha/conf/gpg/default.nix b/hm/soispha/conf/gpg/default.nix
index 53255b9f..2f644422 100644
--- a/hm/soispha/conf/gpg/default.nix
+++ b/hm/soispha/conf/gpg/default.nix
@@ -1,6 +1,7 @@
 {
   config,
   pkgs,
+  lib,
   ...
 }: {
   programs.gpg = {
@@ -30,7 +31,37 @@
       enable = true;
       enableZshIntegration = true;
       enableScDaemon = true; # smartcards and such things
-      pinentryPackage = pkgs.pinentry-tty;
+
+      # Cache the key passwords
+      defaultCacheTtl = 60 * 50;
+      defaultCacheTtlSsh = 60 * 50;
+      maxCacheTtl = 60 * 50;
+      maxCacheTtlSsh = 60 * 50;
+
+      pinentryPackage = pkgs.pinentry-curses;
+      # pinentryPackage = pkgs.pinentry-tty;
+
+      enableSshSupport = true;
+      sshKeys = let
+        removeSpace = str: builtins.replaceStrings [" "] [""] str;
+      in [
+        (removeSpace "8321 ED3A 8DB9 99A5 1F3B  F80F F268 2914 EA42 DE26")
+      ];
     };
   };
+
+  programs.zsh.initExtraFirst = lib.mkBefore ''
+    export GPG_TTY=$(tty)
+
+    # Magic copied from the gpg-agent manual
+    unset SSH_AGENT_PID
+    if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
+        export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+    fi
+
+
+    # Ensure that get gpg agent is started (necessary because ssh does not start it
+    # automatically)
+    gpg-connect-agent /bye
+  '';
 }
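Review bot: The single `sshKeys` entry looks like a key fingerprint rather than a keygrip — the 4-hex-digit grouping with a double space in the middle is the `gpg --fingerprint` display format, whereas home-manager's `services.gpg-agent.sshKeys` is documented as taking keygrips (the unspaced 40-hex value shown by `gpg --with-keygrip -K`), which is what ends up in `sshcontrol`. If it is in fact the fingerprint, the agent will not expose any key over `SSH_AUTH_SOCK`, and since the zsh hunk below drops `eval $(ssh-agent -s)` there is then no agent offering a key at all; the fix is to swap the value for the keygrip, e.g. `(removeSpace "<keygrip from gpg --with-keygrip -K>")` (the `removeSpace` helper becomes unnecessary at that point). The `initExtraFirst` block probably overlaps with what `enableZshIntegration = true` plus `enableSshSupport` already injects into the zsh init (a `GPG_TTY` export and an `SSH_AUTH_SOCK` export pointing at `gpgconf --list-dirs agent-ssh-socket`) — worth confirming against the module before keeping both. A small wording fix while here: the comment at the end reads "Ensure that get gpg agent is started"; `# Ensure the gpg agent is started (ssh does not start it automatically)` says the same thing, and the cache comment would be more useful as `# Cache key passphrases for at most 50 minutes (default and max are equal, so use does not extend it)`.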
diff --git a/hm/soispha/conf/ssh/default.nix b/hm/soispha/conf/ssh/default.nix
index 1359e4ab..fcce32fd 100644
--- a/hm/soispha/conf/ssh/default.nix
+++ b/hm/soispha/conf/ssh/default.nix
@@ -5,6 +5,7 @@
     hashKnownHosts = false;
     serverAliveInterval = 240;
     userKnownHostsFile = "${config.xdg.dataHome}/ssh/known_hosts";
+
     matchBlocks = {
       "codeberg.org" = {
         # TODO:: Remove this once they fix their ipv6 config
diff --git a/hm/soispha/conf/zsh/default.nix b/hm/soispha/conf/zsh/default.nix
index 1e71f0d5..1bfae07b 100644
--- a/hm/soispha/conf/zsh/default.nix
+++ b/hm/soispha/conf/zsh/default.nix
@@ -39,9 +39,7 @@
     };
 
     loginExtra =
-      ''
-        eval $(ssh-agent -s) > /dev/null # start ssh agent
-      ''
+      ""
       + lib.concatStringsSep "\nsetopt " [
         "setopt AUTO_CD" # This is needed as first item
         "AUTO_PUSHD"