about summary refs log tree commit diff stats
path: root/modules/home.legacy/conf/gpg/default.nix
blob: 1acdf62850aae0e2a41026545925cf1f20bba7ea (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
{
  config,
  pkgs,
  lib,
  ...
}: {
  programs.gpg = {
    enable = true;
    homedir = "${config.xdg.dataHome}/gnupg";
    mutableKeys = true;
    mutableTrust = true;

    settings = {
      default-key = "Benedikt Peetz <benedikt.peetz@b-peetz.de>";
      # TODO: add more
    };

    publicKeys = [
      {
        source = ./keys/key_1.asc;
        trust = "ultimate";
      }
      {
        source = ./keys/key_2.asc;
        trust = "full";
      }
    ];
  };
  services = {
    gpg-agent = {
      enable = true;
      enableZshIntegration = true;
      enableScDaemon = true; # smartcards and such things

      # Cache the key passwords
      defaultCacheTtl = 60 * 50;
      defaultCacheTtlSsh = 60 * 50;
      maxCacheTtl = 60 * 50;
      maxCacheTtlSsh = 60 * 50;

      pinentryPackage = pkgs.pinentry-curses;
      # pinentryPackage = pkgs.pinentry-tty;

      enableSshSupport = true;
      sshKeys = let
        removeSpace = str: builtins.replaceStrings [" "] [""] str;
      in [
        (removeSpace "8321 ED3A 8DB9 99A5 1F3B  F80F F268 2914 EA42 DE26")
      ];
    };
  };

  programs.zsh.initExtraFirst = lib.mkBefore ''
    export GPG_TTY=$(tty)

    # Magic copied from the gpg-agent manual
    unset SSH_AGENT_PID
    if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
        export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
    fi


    # Ensure that get gpg agent is started (necessary because ssh does not start it
    # automatically and has it's tty updated)
    gpg-connect-agent /bye
  '';
}