commit fd8c10c3500c88886727f4803442f0676b062448
parent 4beae76e81aade5a0a4387792ebc148c00889f9e
Author: Leah (ctucx) <leah@ctu.cx>
Date: Thu, 16 Jun 2022 20:46:14 +0200
parent 4beae76e81aade5a0a4387792ebc148c00889f9e
Author: Leah (ctucx) <leah@ctu.cx>
Date: Thu, 16 Jun 2022 20:46:14 +0200
configurations: move yubikey -> programs/cli/gpg
5 files changed, 104 insertions(+), 91 deletions(-)
A
|
101
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D
|
86
-------------------------------------------------------------------------------
diff --git a/configurations/desktop-sway.nix b/configurations/desktop-sway.nix
@@ -48,7 +48,7 @@
 ./programs/systemd-lock-handler.nix
- ./yubikey.nix
+ ./programs/cli/gpg.nix
 ./programs/cli/password-store.nix
 ./services/pipewire.nix
diff --git a/configurations/programs/cli/gpg.nix b/configurations/programs/cli/gpg.nix 
@@ -0,0 +1,101 @@
+{ config, pkgs, lib, ... }:
+
+{
+ services = {
+ pcscd.enable = (if pkgs.stdenv.isLinux then true else false);
+ udev.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ libu2f-host yubikey-personalization ]) else []);
+ dbus.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ gcr ]) else []);
+ };
+
+ home-manager.users.leah = {
+ home = {
+ packages = lib.mkIf pkgs.stdenv.isLinux [ pkgs.pcsctools ];
+
+ sessionVariables = {
+ GNUPGHOME = "$HOME/.gnupg";
+ SSH_AUTH_SOCK = (
+ if pkgs.stdenv.isLinux then
+ "/run/user/1000/gnupg/S.gpg-agent.ssh"
+ else
+ null
+ );
+ };
+
+ file = lib.mkIf pkgs.stdenv.isDarwin {
+ ".gnupg/gpg-agent.conf".text = ''
+ enable-ssh-support
+ pinentry-program ${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
+ '';
+ };
+ };
+
+ wayland.windowManager.sway.extraConfig = ''
+ exec_always 'gpgconf --kill gpg-agent'
+ '';
+
+ programs = {
+ gpg = {
+ enable = true;
+ mutableTrust = false;
+ mutableKeys = false;
+
+ publicKeys = [
+
+ # my own key
+ {
+ trust = "ultimate";
+ source = (pkgs.fetchurl {
+ url = "https://ctu.cx/gpg_pubkey.asc";
+ sha256 = "sha256-xsLpZkcTDPpXrX9gRki5z13KxwBDznJr/mn9MZIo5CQ";
+ });
+ }
+
+ ];
+
+ settings = {
+ keyserver = "hkps://keyserver.ubuntu.com:443";
+ };
+
+ scdaemonSettings = {
+ disable-ccid = true;
+ };
+ };
+
+ git = {
+ signing = {
+ key = "725B65F21DB1C2C4";
+ signByDefault = true;
+ };
+ };
+
+ bash = {
+ initExtra = lib.mkIf pkgs.stdenv.isDarwin ''
+ export GPG_TTY=$(tty)
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+ gpgconf --launch gpg-agent
+ '';
+
+ shellAliases = {
+ gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye";
+ };
+ };
+ };
+
+ services = lib.mkIf pkgs.stdenv.isLinux {
+ gpg-agent = {
+ enable = true;
+ enableSshSupport = true;
+ enableExtraSocket = true;
+
+ pinentryFlavor = "gnome3";
+
+ defaultCacheTtl = 600;
+ defaultCacheTtlSsh = 600;
+
+ sshKeys = [
+ "8C11B9BF8B535049F6C87A9CF0C595421E6B8798"
+ ];
+ };
+ };
+ };
+}
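Review bot: The Linux branch of `SSH_AUTH_SOCK` under `sessionVariables` hardcodes `/run/user/1000/gnupg/S.gpg-agent.ssh`, which ties this module to uid 1000 and to the default socket directory, while the Darwin branch of `bash.initExtra` already derives the path with `gpgconf --list-dirs agent-ssh-socket`; deriving it the same way on Linux, or leaving it to home-manager's `services.gpg-agent.enableSshSupport` (which I believe exports the socket path itself — worth confirming against the module), would keep both platforms consistent. `enableExtraSocket = true` exposes the restricted agent socket meant for forwarding to remote hosts, so a why-comment such as `# restricted extra socket, used for gpg-agent forwarding to remote hosts` would make the intent explicit, or the option can be dropped if forwarding is not used. `pcscd.enable = (if pkgs.stdenv.isLinux then true else false)` reduces to `pcscd.enable = pkgs.stdenv.isLinux;`, and the two list conditionals next to it to `lib.optionals pkgs.stdenv.isLinux [ ... ]`. Pinning the fetched public key with `sha256` together with `mutableTrust = false` and `mutableKeys = false` is the right shape for a declarative keyring. The hunk holds the complete new file.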
diff --git a/configurations/yubikey.nix b/configurations/yubikey.nix
@@ -1,86 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- services = {
- pcscd.enable = (if pkgs.stdenv.isLinux then true else false);
- udev.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ libu2f-host yubikey-personalization ]) else []);
- dbus.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ gcr ]) else []);
- };
-
- home-manager.users.leah = {
- home = {
- packages = lib.mkIf pkgs.stdenv.isLinux [ pkgs.pcsctools ];
-
- sessionVariables = {
- GNUPGHOME = "$HOME/.gnupg";
- SSH_AUTH_SOCK = (
- if pkgs.stdenv.isLinux then
- "/run/user/1000/gnupg/S.gpg-agent.ssh"
- else
- null
- );
- };
-
- file = lib.mkIf pkgs.stdenv.isDarwin {
- ".gnupg/gpg-agent.conf".text = ''
- enable-ssh-support
- pinentry-program ${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
- '';
- };
- };
-
- wayland.windowManager.sway.extraConfig = ''
- exec_always 'gpgconf --kill gpg-agent'
- '';
-
- programs = {
- gpg = {
- enable = true;
-
- settings = {
- keyserver = "hkps://keyserver.ubuntu.com:443";
- };
-
- scdaemonSettings = {
- disable-ccid = true;
- };
- };
-
- git = {
- signing = {
- key = "725B65F21DB1C2C4";
- signByDefault = true;
- };
- };
-
- bash = {
- initExtra = lib.mkIf pkgs.stdenv.isDarwin ''
- export GPG_TTY=$(tty)
- export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
- gpgconf --launch gpg-agent
- '';
-
- shellAliases = {
- gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye";
- };
- };
- };
-
- services = lib.mkIf pkgs.stdenv.isLinux {
- gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableExtraSocket = true;
-
- pinentryFlavor = "gnome3";
-
- defaultCacheTtl = 600;
- defaultCacheTtlSsh = 600;
-
- sshKeys = [
- "8C11B9BF8B535049F6C87A9CF0C595421E6B8798"
- ];
- };
- };
- };
-}
diff --git a/machines/blechbuechse/darwin-configuration.nix b/machines/blechbuechse/darwin-configuration.nix @@ -12,8 +12,6 @@ in { ../../modules/darwin/quirks.nix ../../helpers/make-nixpkgs.nix - ../../configurations/yubikey.nix - ../../configurations/darwin/nixpkgs-overrides.nix ../../configurations/darwin/systemSettings.nix ../../configurations/darwin/appSettings.nix @@ -31,6 +29,7 @@ in { ../../configurations/programs/cli/git.nix ../../configurations/programs/cli/tmux.nix ../../configurations/programs/cli/htop.nix + ../../configurations/programs/cli/gpg.nix ../../configurations/programs/cli/password-store.nix ../../configurations/programs/cli/texlive.nix ../../configurations/programs/cli/utilities.nix
diff --git a/machines/blechkasten/darwin-configuration.nix b/machines/blechkasten/darwin-configuration.nix @@ -12,8 +12,6 @@ in { ../../modules/darwin/quirks.nix ../../helpers/make-nixpkgs.nix - ../../configurations/yubikey.nix - ../../configurations/darwin/nixpkgs-overrides.nix ../../configurations/darwin/systemSettings.nix ../../configurations/darwin/appSettings.nix @@ -31,6 +29,7 @@ in { ../../configurations/programs/cli/git.nix ../../configurations/programs/cli/tmux.nix ../../configurations/programs/cli/htop.nix + ../../configurations/programs/cli/gpg.nix ../../configurations/programs/cli/password-store.nix ../../configurations/programs/cli/texlive.nix ../../configurations/programs/cli/utilities.nix