machine_setup/nix/configuration/roles/gpg/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  # Fetch public keys:
  # gpg --locate-keys tom@fizz.buzz
  #
  # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz

  hardware.gpgSmartcards.enable = true;
  services.udev.packages = [ pkgs.yubikey-personalization ];
  services.pcscd.enable = true;
  # services.gnome.gnome-keyring.enable = true;

  # services.dbus.packages = [ pkgs.gcr ];

  # services.pcscd.plugins = lib.mkForce [ ];

  #   programs.gpg.scdaemonSettings = {
  #   disable-ccid = true;
  # };

  # .gnupg/scdaemon.conf
  home-manager.users.talexander =
    { pkgs, ... }:
    {
      home.file.".gnupg/scdaemon.conf" = {
        source = ./files/scdaemon.conf;
      };
    };

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
    pinentryPackage = pkgs.pinentry-qt;
    # settings = {
    #   disable-ccid = true;
    # };
  };

  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    users.talexander = {
      directories = [
        {
          directory = ".gnupg";
          user = "talexander";
          group = "talexander";
          mode = "0700";
        } # Local keyring
      ];
    };
  };

  # nixpkgs.overlays = [
  #   (final: prev: {
  #     pcsclite = prev.pcsclite.overrideAttrs (old: {
  #       postPatch = ''
  #         substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
  #           --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
  #       '';
  #     });
  #   })
  # ];

  # security.polkit.extraConfig = ''
  #   polkit.addRule(function(action, subject) {
  #     if (action.id == "org.debian.pcsc-lite.access_card") {
  #       return polkit.Result.YES;
  #     }
  #   });

  #   polkit.addRule(function(action, subject) {
  #     if (action.id == "org.debian.pcsc-lite.access_pcsc") {
  #       return polkit.Result.YES;
  #     }
  #   });
  # '';

}
Reformat all nix files. 2024-12-20 22:37:44 -05:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
Preserve gpg directory. 2024-12-20 16:50:27 -05:00
			`{`
Reformat all nix files. 2024-12-20 22:37:44 -05:00			`imports = [ ];`
Preserve gpg directory. 2024-12-20 16:50:27 -05:00
			`# Fetch public keys:`
			`# gpg --locate-keys tom@fizz.buzz`
			`#`
			`# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz`

Attempt to fix gpg decrypt with yubikey. Did not succeed. 2024-12-27 09:34:23 -05:00			`hardware.gpgSmartcards.enable = true;`
			`services.udev.packages = [ pkgs.yubikey-personalization ];`
			`services.pcscd.enable = true;`
			`# services.gnome.gnome-keyring.enable = true;`

			`# services.dbus.packages = [ pkgs.gcr ];`

			`# services.pcscd.plugins = lib.mkForce [ ];`

			`# programs.gpg.scdaemonSettings = {`
			`# disable-ccid = true;`
			`# };`

			`# .gnupg/scdaemon.conf`
			`home-manager.users.talexander =`
			`{ pkgs, ... }:`
			`{`
			`home.file.".gnupg/scdaemon.conf" = {`
			`source = ./files/scdaemon.conf;`
			`};`
			`};`

Preserve gpg directory. 2024-12-20 16:50:27 -05:00			`programs.gnupg.agent = {`
			`enable = true;`
			`enableSSHSupport = true;`
Attempt to fix gpg decrypt with yubikey. Did not succeed. 2024-12-27 09:34:23 -05:00			`pinentryPackage = pkgs.pinentry-qt;`
			`# settings = {`
			`# disable-ccid = true;`
			`# };`
Preserve gpg directory. 2024-12-20 16:50:27 -05:00			`};`

Set up waybar and building ISOs. 2024-12-21 10:18:28 -05:00			`environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {`
Preserve gpg directory. 2024-12-20 16:50:27 -05:00			`hideMounts = true;`
			`users.talexander = {`
			`directories = [`
Reformat all nix files. 2024-12-20 22:37:44 -05:00			`{`
			`directory = ".gnupg";`
			`user = "talexander";`
			`group = "talexander";`
			`mode = "0700";`
			`} # Local keyring`
Preserve gpg directory. 2024-12-20 16:50:27 -05:00			`];`
			`};`
			`};`

Attempt to fix gpg decrypt with yubikey. Did not succeed. 2024-12-27 09:34:23 -05:00			`# nixpkgs.overlays = [`
			`# (final: prev: {`
			`# pcsclite = prev.pcsclite.overrideAttrs (old: {`
			`# postPatch = ''`
			`# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \`
			`# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"`
			`# '';`
			`# });`
			`# })`
			`# ];`

			`# security.polkit.extraConfig = ''`
			`# polkit.addRule(function(action, subject) {`
			`# if (action.id == "org.debian.pcsc-lite.access_card") {`
			`# return polkit.Result.YES;`
			`# }`
			`# });`

			`# polkit.addRule(function(action, subject) {`
			`# if (action.id == "org.debian.pcsc-lite.access_pcsc") {`
			`# return polkit.Result.YES;`
			`# }`
			`# });`
			`# '';`

Preserve gpg directory. 2024-12-20 16:50:27 -05:00			`}`