zaphyra's git: nixfiles

zaphyra and void's nixfiles

{
  config,
  pkgs,
  lib,
  ...
}:

{

  # Shadow the "gscriptor" launcher with an entry marked NoDisplay so it stays
  # out of application menus. Presumably the launcher comes from
  # pkgs.pcsctools, which home.packages installs in this file; confirm.
  xdg.desktopEntries.gscriptor = {
    name = "gscriptor";
    settings.NoDisplay = "true";
  };

  # PC/SC smart-card utilities for the card-backed GnuPG setup in this file.
  home.packages = [ pkgs.pcsctools ];

  # mkForce makes this definition win over any other module that also sets
  # GNUPGHOME. The value is a literal "$HOME/..." string, so it is expanded by
  # whatever sources the session variables, not by Nix.
  home.sessionVariables.GNUPGHOME = lib.mkForce "$HOME/.gnupg";

  # Sends two commands through gpg-agent: `scd serialno` queries the inserted
  # card via scdaemon, then `learn --force` makes the agent re-read the card
  # and refresh its key stubs. Presumably meant for swapping between tokens
  # that carry the same keys; confirm.
  home.shellAliases.gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye";

  # sway runs exec_always commands at startup and again on every config
  # reload, so each reload kills the running gpg-agent and with it any cached
  # passphrases. This line does not restart the agent; the shell init snippets
  # in this file call `gpgconf --launch gpg-agent`.
  wayland.windowManager.sway = {
    extraConfig = ''
      exec_always 'gpgconf --kill gpg-agent'
    '';
  };

  # zsh startup: point pinentry at the current terminal, route SSH
  # authentication through gpg-agent's SSH socket, and make sure the agent is
  # running. SSH_AUTH_SOCK is overwritten unconditionally, so inside an SSH
  # session a forwarded agent socket is replaced by the local gpg-agent one.
  programs.zsh.initExtra = ''
    export GPG_TTY=$(tty)
    export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    gpgconf --launch gpg-agent
  '';

  # fish equivalent of the zsh snippet; it does not set GPG_TTY itself.
  programs.fish.interactiveShellInit = ''
    gpgconf --launch gpg-agent
    set -gx SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
  '';

  programs.gpg = {
    enable = true;

    # Keyring and trustdb stay writable: the keys declared below are imported,
    # but keys and trust added by hand with `gpg` persist as well, so this
    # list is not the complete set of trusted keys on the machine.
    mutableKeys = true;
    mutableTrust = true;

    # Ownertrust levels used below: 5 = ultimate, 4 = full, 3 = marginal.
    # Ownertrust controls how much a key's certifications of *other* keys
    # count, so every entry at 4 or above is worth reviewing periodically.
    #
    # Each fetchurl pins the exact bytes of the key file by hash. If the
    # upstream file changes (key refresh, rotation or tampering) the build
    # fails instead of importing a different key; verify the fingerprint out
    # of band before updating a hash.
    publicKeys = [
      # own key, taken from the website package
      {
        source = "${pkgs.zaphyra-website}/gpg_pubkey.asc";
        trust = 5;
      }

      # izzie@haaien.xyz (Web Key Directory URL)
      {
        source = pkgs.fetchurl {
          url = "https://openpgpkey.haaien.xyz/.well-known/openpgpkey/haaien.xyz/hu/jp96shm14rsikewmfdxqyznfr8dpihzu";
          sha256 = "sha256-D5Y8pxxrqxHTAaoxqehwY5VXvnKkKPp+H3IFZuuwJ8U=";
        };
        trust = 4;
      }

      # hannah@totient.eu (looked up by full fingerprint)
      {
        source = pkgs.fetchurl {
          url = "https://keys.openpgp.org/vks/v1/by-fingerprint/AB27F5D1136B20D3149FBCC00389451731A3ADDD";
          sha256 = "sha256-1WPjGcqfhzDJkBDXhcyx1RPm0hggAV94bJNleo8DZvY=";
        };
        trust = 4;
      }

      # Governikus German eID verification public key
      {
        source = pkgs.fetchurl {
          url = "https://www.governikus.de/wp-content/uploads/2023/06/governikusPubKey.asc";
          sha256 = "sha256-eU7g+c2CAYGLxHCRb0qsnL3CvKgK3lWcKcgrS1WFwz0=";
        };
        trust = 3;
      }
    ];

    settings = {
      # NOTE(review): as far as I know this keyserver does not verify user-ID
      # ownership; treat keys fetched from it as unverified until the
      # fingerprint has been checked.
      keyserver = "hkps://keyserver.ubuntu.com:443";
    };

    scdaemonSettings = {
      # Turn off scdaemon's built-in CCID driver so card access goes through
      # PC/SC. This needs a running pcscd, presumably enabled in the system
      # configuration; confirm.
      disable-ccid = true;
    };
  };

  programs.git.signing = {
    # NOTE(review): this is an 8-hex-digit short key ID. Short IDs are only
    # 32 bits and colliding keys can be generated, so git may pick up a
    # look-alike key if one lands in the keyring. Prefer the full 40-hex
    # fingerprint of the signing key here.
    key = "4F1D8CCB";
    signByDefault = true;
  };

  services.gpg-agent = {
    enable = true;

    pinentry.package = pkgs.pinentry-gnome3;

    # gpg-agent doubles as the SSH agent. sshKeys lists the keys (by keygrip,
    # per the home-manager option) that may be offered for SSH authentication.
    enableSshSupport = true;
    sshKeys = [
      "8C11B9BF8B535049F6C87A9CF0C595421E6B8798"
      "29FA1059F28D2ED1C6398F7CFA918605F53786C0"
    ];

    # The extra socket is the restricted one gpg-agent offers for forwarding
    # to remote hosts.
    # NOTE(review): only needed if agent forwarding is actually used;
    # otherwise dropping it reduces exposure. Confirm.
    enableExtraSocket = true;

    # Cached passphrases expire after 600 seconds (10 minutes) for both GPG
    # and SSH use. No maximum TTL is set here, so gpg-agent's own maximum
    # applies.
    # NOTE(review): for keys held on a smart card the PIN state lives on the
    # card, so these TTLs may not bound how long the card stays unlocked.
    # Confirm.
    defaultCacheTtl = 600;
    defaultCacheTtlSsh = 600;
  };

}