diff --git a/nix/configuration/roles/gpg/default.nix b/nix/configuration/roles/gpg/default.nix
index d4b8262..38dc3ca 100644
--- a/nix/configuration/roles/gpg/default.nix
+++ b/nix/configuration/roles/gpg/default.nix
@@ -42,53 +42,34 @@ home-manager.users.talexander = { pkgs, ... }: {
- # home.file.".gnupg/scdaemon.conf" = {
- # source = ./files/scdaemon.conf;
- # };
- programs.gpg = {
- enable = true; # does this install a user-specific version of gnupg in addition to the system-wide package installed in configuration.nix?
- # homedir = "${config.home.homeDirectory}/.gnupg";
- publicKeys = [
- {
- source = ./files/gpg.asc;
- trust = 5;
- }
- ];
- settings = {
- use-agent = true; # what relation does this have to the settings in configuration.nix and also to the home-manager gpg-agent settings below?
- };
- scdaemonSettings = {
- disable-ccid = true; # disable gnupg's built-in smartcard reader function in order to default to system's smartcard reader (pcsclite package)
- };
- };
-
- services.gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableZshIntegration = true;
- enableScDaemon = true; # what relation does this have with the scdaemon setting above and/or in configuration.nix?
- pinentryPackage = pkgs.pinentry-qt;
- defaultCacheTtl = 60;
- maxCacheTtl = 120;
- extraConfig = ''
- ttyname $GPG_TTY
- '';
+ home.file.".gnupg/scdaemon.conf" = {
+ source = ./files/scdaemon.conf;
 };
 };
- # environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
- # hideMounts = true;
- # users.talexander = {
- # directories = [
- # {
- # directory = ".gnupg";
- # user = "talexander";
- # group = "talexander";
- # mode = "0700";
- # } # Local keyring
- # ];
- # };
- # };
+ # programs.gnupg.dirmngr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-qt;
+ # settings = {
+ # disable-ccid = true;
+ # };
+ };
+
+ environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
+ hideMounts = true;
+ users.talexander = {
+ directories = [
+ {
+ directory = ".gnupg";
+ user = "talexander";
+ group = "talexander";
+ mode = "0700";
+ } # Local keyring
+ ];
+ };
+ };
 # nixpkgs.overlays = [
 # (final: 
prev: {
@@ -141,4 +122,5 @@ # })
 # ];
+ programs.gnupg.agent.enableExtraSocket = true;
 }
diff --git a/nix/configuration/roles/gpg/files/gpg.asc b/nix/configuration/roles/gpg/files/gpg.asc
deleted file mode 100644
index e23cef4..0000000
--- a/nix/configuration/roles/gpg/files/gpg.asc
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
-uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
-HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
-uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
-eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
-2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
-XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
-XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
-4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
-wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
-sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
-ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
-QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
-NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
-BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
-JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
-RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
-rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
-0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
-BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
-/A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
-3aqYpMRxpn2t6Nswax1MIM8DBQ==
-=dzEV
------END PGP PUBLIC KEY BLOCK-----
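Review bot: The new `programs.gnupg.agent` block in the first default.nix hunk (`@@ -42,53 +42,34 @@`) does not carry over the `defaultCacheTtl = 60` / `maxCacheTtl = 120` limits that the removed home-manager `services.gpg-agent` block set. Without them the agent falls back to gpg-agent's built-in defaults (600 s after last use, 7200 s maximum), so a cached passphrase stays usable much longer on an unattended session. If the short window was deliberate, set it through the option already sketched in the commented-out lines: `settings = { default-cache-ttl = 60; max-cache-ttl = 120; };`. The commented `disable-ccid = true;` under that `settings` looks like a scdaemon option rather than a gpg-agent one, so it probably belongs only in `files/scdaemon.conf` (not visible in this diff), and the stale comment could be dropped.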
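Review bot: `programs.gnupg.agent.enableExtraSocket = true;` in the second default.nix hunk (`@@ -141,4 +122,5 @@`) is added as a detached statement at the end of the module, away from the `programs.gnupg.agent = { … }` attrset the first hunk introduces, and nothing records why it is needed. The extra socket exists so the agent can be forwarded to other hosts, which extends use of the local keys to whatever machine the socket is forwarded to, so the reason should be written down next to the option. I would move it into the attrset with a comment, for example `enableExtraSocket = true; # restricted socket for forwarding the agent to <remote host>; drop if no longer forwarded`. Only the tail of the file is visible in this hunk, so whether anything else in the module depends on the socket cannot be confirmed from here.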