# NixOS module: GnuPG with smartcard (YubiKey) support for user "talexander".
#
# Takes the standard module arguments. `pkgs-unstable` is only referenced by a
# commented-out overlay further down.
{
  config,
  lib,
  pkgs,
  pkgs-unstable,
  ...
}:

{
  imports = [ ];

  # Fetch public keys:
  #   gpg --locate-keys tom@fizz.buzz
  #
  #   gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
  #
  # NOTE(review): a key located via WKD is only as trustworthy as the TLS
  # endpoint that served it; compare the fingerprint out-of-band before
  # trusting or signing the key.

  # Smartcard plumbing: enable the gpgSmartcards hardware option, add the
  # yubikey-personalization package to udev's package list, and run pcscd.
  hardware.gpgSmartcards.enable = true;
  services = {
    udev.packages = [ pkgs.yubikey-personalization ];
    pcscd.enable = true;
  };

  # Alternatives tried earlier, kept for reference:
  # services.gnome.gnome-keyring.enable = true;
  #
  # services.dbus.packages = [ pkgs.gcr ];
  #
  # services.pcscd.plugins = lib.mkForce [ ];
  #
  # programs.gpg.scdaemonSettings = {
  #   disable-ccid = true;
  # };

  # .gnupg/scdaemon.conf
  # Installed from a file that lives next to this module.
  # NOTE(review): files referenced by path are copied into the Nix store, which
  # is world-readable; keep secrets out of ./files/scdaemon.conf.
  home-manager.users.talexander =
    { pkgs, ... }:
    {
      home.file.".gnupg/scdaemon.conf".source = ./files/scdaemon.conf;
    };

  programs.gnupg = {
    dirmngr.enable = true;

    agent = {
      enable = true;
      # With SSH support on, every process that can reach the agent socket can
      # request signatures from the SSH keys it serves.
      enableSSHSupport = true;
      pinentryPackage = pkgs.pinentry-qt;
      # settings = {
      #   disable-ccid = true;
      # };
    };
  };

  # Keep the keyring across reboots, except when building the ISO image.
  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    users.talexander.directories = [
      {
        # Local keyring. Mode 0700 restricts the directory to its owner.
        directory = ".gnupg";
        user = "talexander";
        group = "talexander";
        mode = "0700";
      }
    ];
  };

  # Disabled: patch pcsclite so the redirect/spy libraries use an absolute
  # path to libpcsclite_real.so.1.
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     pcsclite = prev.pcsclite.overrideAttrs (old: {
  #       postPatch = ''
  #         substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
  #           --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
  #       '';
  #     });
  #   })
  # ];

  # Disabled: polkit rules for pcsc-lite.
  # NOTE(review): as written, both rules return YES for every subject, with no
  # check on the user, group or session. If these are ever re-enabled, scope
  # them (for example with subject.isInGroup(...) or
  # subject.local && subject.active) so that only the intended interactive user
  # is granted card access.
  # security.polkit.extraConfig = ''
  #   polkit.addRule(function(action, subject) {
  #     if (action.id == "org.debian.pcsc-lite.access_card") {
  #       return polkit.Result.YES;
  #     }
  #   });
  #
  #   polkit.addRule(function(action, subject) {
  #     if (action.id == "org.debian.pcsc-lite.access_pcsc") {
  #       return polkit.Result.YES;
  #     }
  #   });
  # '';

  # Adds pcsctools to the system-wide package set.
  environment.systemPackages = [ pkgs.pcsctools ];

  # Disabled: take gnupg and scdaemon from the unstable package set.
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     gnupg = pkgs-unstable.gnupg;
  #     scdaemon = pkgs-unstable.scdaemon;
  #   })
  # ];

  # Disabled: pin gnupg to a specific upstream release. The fixed-output hash
  # is what ties the build to that exact tarball; whenever `version` is
  # changed, recompute the hash from a tarball whose signature was verified.
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     gnupg = prev.gnupg.overrideAttrs (old: rec {
  #       version = "2.4.7";
  #       src = prev.fetchurl {
  #         url = "https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-${version}.tar.bz2";
  #         hash = "sha256-eyRwbk2n4OOwbKBoIxAnQB8jgQLEHJCWMTSdzDuF60Y=";
  #       };
  #     });
  #   })
  # ];
}