# Home Manager module: GnuPG with a smartcard reached through PC/SC, and
# gpg-agent acting as the SSH agent for the interactive shells.
{
  inputs,
  lib,
  pkgs,
  ...
}:
{
  # Hide the "gscriptor" launcher from application menus.
  # NOTE(review): presumably this entry comes from pcsctools below; confirm.
  xdg.desktopEntries.gscriptor = {
    name = "gscriptor";
    settings.NoDisplay = "true";
  };

  home.packages = [ pkgs.pcsctools ];

  # mkForce makes this definition win over any other module setting GNUPGHOME.
  home.sessionVariables.GNUPGHOME = lib.mkForce "$HOME/.gnupg";

  # Ask scdaemon for the card serial number, then force a re-learn of the card.
  home.shellAliases.gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye";

  # exec_always runs on every sway start AND every config reload, so each
  # reload kills the running gpg-agent and drops whatever it had cached.
  wayland.windowManager.sway.extraConfig = ''
    exec_always 'gpgconf --kill gpg-agent'
  '';

  # Both shells start gpg-agent and point SSH_AUTH_SOCK at its SSH socket, so
  # ssh authenticates with the keys listed in services.gpg-agent.sshKeys.
  programs.zsh.initExtra = ''
    export GPG_TTY=$(tty)
    export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    gpgconf --launch gpg-agent
  '';
  programs.fish.interactiveShellInit = ''
    gpgconf --launch gpg-agent
    set -gx SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
  '';

  programs.gpg = {
    enable = true;
    # Keyring and trust database stay user-managed (plain `gpg` commands);
    # nothing in this file pins which public keys or trust levels exist.
    mutableKeys = true;
    mutableTrust = true;
    # hkps = keyserver access over TLS. TLS protects the transport only:
    # a key fetched from a keyserver still has to be checked by fingerprint.
    settings.keyserver = "hkps://keyserver.ubuntu.com:443";
    # Turn off scdaemon's built-in CCID driver so the reader is accessed via
    # PC/SC instead. NOTE(review): this needs a pcscd service from the system
    # configuration, which is not visible in this file.
    scdaemonSettings.disable-ccid = true;
  };

  programs.git.signing = {
    format = "openpgp";
    signByDefault = true;
    # NOTE(review): this is a 64-bit long key ID; the full fingerprint is the
    # unambiguous way to select the signing key.
    key = "95F0FE7CD7E6A022";
  };

  services.gpg-agent = {
    enable = true;
    enableSshSupport = true;
    # Extra (restricted) agent socket, intended for forwarding to remote
    # machines; forward it only to hosts that are trusted to use the keys.
    enableExtraSocket = true;
    # Graphical PIN/passphrase prompt, independent of the calling terminal.
    pinentry.package = pkgs.pinentry-gnome3;
    # Cache lifetimes in seconds (10 minutes) for GPG and SSH use. No maximum
    # TTL is set here, so the agent's default upper bound applies.
    # NOTE(review): for keys held on a smartcard the PIN state lives on the
    # card/scdaemon and is presumably not governed by these values; confirm.
    defaultCacheTtl = 600;
    defaultCacheTtlSsh = 600;
    # Keygrips of the keys gpg-agent offers over the SSH agent protocol.
    sshKeys = [
      # katja@ctu.cx
      "0FA22A1EADBBE75767686D2C3778D14F1A267146"
      # katja@zaphyra.eu
      "595A90924C65444EF00F0890BA85DE2A57DD79B2"
    ];
  };
}