Switching to a home-manager config did not fix it.

2025-01-02 10:27:21 -05:00 · 2025-01-02 10:27:21 -05:00 · 4599b38ebf
commit 4599b38ebf
parent 04a95a2543
2 changed files with 71 additions and 26 deletions
--- a/nix/configuration/roles/gpg/default.nix
+++ b/nix/configuration/roles/gpg/default.nix
@ -42,35 +42,54 @@
  home-manager.users.talexander =
    { pkgs, ... }:
    {
-      home.file.".gnupg/scdaemon.conf" = {
+      # home.file.".gnupg/scdaemon.conf" = {
-        source = ./files/scdaemon.conf;
+      #   source = ./files/scdaemon.conf;
      };
    };
  # programs.gnupg.dirmngr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
    pinentryPackage = pkgs.pinentry-qt;
    # settings = {
    #   disable-ccid = true;
      # };
      programs.gpg = {
        enable = true; # does this install a user-specific version of gnupg in addition to the system-wide package installed in configuration.nix?
        # homedir = "${config.home.homeDirectory}/.gnupg";
        publicKeys = [
          {
            source = ./files/gpg.asc;
            trust = 5;
          }
        ];
        settings = {
          use-agent = true; # what relation does this have to the settings in configuration.nix and also to the home-manager gpg-agent settings below?
        };
        scdaemonSettings = {
          disable-ccid = true; # disable gnupg's built-in smartcard reader function in order to default to system's smartcard reader (pcsclite package)
        };
      };
-  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
+      services.gpg-agent = {
-    hideMounts = true;
+        enable = true;
-    users.talexander = {
+        enableSshSupport = true;
-      directories = [
+        enableZshIntegration = true;
-        {
+        enableScDaemon = true; # what relation does this have with the scdaemon setting above and/or in configuration.nix?
-          directory = ".gnupg";
+        pinentryPackage = pkgs.pinentry-qt;
-          user = "talexander";
+        defaultCacheTtl = 60;
-          group = "talexander";
+        maxCacheTtl = 120;
-          mode = "0700";
+        extraConfig = ''
-        } # Local keyring
+          ttyname $GPG_TTY
-      ];
+        '';
      };
    };
  # environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
  #   hideMounts = true;
  #   users.talexander = {
  #     directories = [
  #       {
  #         directory = ".gnupg";
  #         user = "talexander";
  #         group = "talexander";
  #         mode = "0700";
  #       } # Local keyring
  #     ];
  #   };
  # };
  # nixpkgs.overlays = [
  #   (final: prev: {
  #     pcsclite = prev.pcsclite.overrideAttrs (old: {
@ -122,5 +141,4 @@
  #   })
  # ];
  programs.gnupg.agent.enableExtraSocket = true;
 }
--- a/nix/configuration/roles/gpg/files/gpg.asc
+++ b/nix/configuration/roles/gpg/files/gpg.asc
@ -0,0 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
 0H+RsWG0HlRvbSBBbGV4YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEE
 uEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
 HgECF4AACgkQJ95A2bhFXBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0C
 uU4m1/MA+gPDKME7syEtJsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB1Ub20gQWxl
 eGFuZGVyIDx0b21AZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
 2bhFXBsFAl2cFhoCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQJ95A2bhF
 XBvYJQEA19wc2s/bEKcnHONC3i8UikLFqZXyYoH6/MFjoAteU8sBAKpE7Qq0zbJb
 XWRESzK3u6p7/+kUqOeDltAuKXTe1FAGuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL
 4EGg4T5JO9q2kpVDy2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNj
 wod5F5VL4SfeQNm4RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAu
 sSUWutOhecmlPA7eBQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REo
 ASPF3l4YAAjOHsXqcPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQ
 QG+gAwkQJ95A2bhFXBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2Zr
 NnkBAKYOM+pz/pncFnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYB
 BAHaRw8BAQdAa76TmWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggA
 JgIbIBYhBLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4
 RVwb8TkA/RkBu9Ev8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkM
 rTbb1GMbvYnkeOrBs/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO
 0t3BUxLuokTqKVcheFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYh
 BLhIFZNjwod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA
 /A8zRRTCwQKxJ8iz5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi
 3aqYpMRxpn2t6Nswax1MIM8DBQ==
 =dzEV
 -----END PGP PUBLIC KEY BLOCK-----