From 477637ae629f9503724392f29b3a58a8e02091ba Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 12 Jan 2025 18:29:48 -0500 Subject: [PATCH] Add a script to test fetching PGP keys from a Web Key Directory (WKD). --- nix/configuration/configuration.nix | 1 + nix/configuration/roles/docker/default.nix | 3 +++ nix/configuration/roles/gpg/default.nix | 9 +++++++++ nix/configuration/roles/gpg/files/gpg_test_wkd.bash | 8 ++++++++ 4 files changed, 21 insertions(+) create mode 100644 nix/configuration/roles/gpg/files/gpg_test_wkd.bash diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix index feadb4d..90f318a 100644 --- a/nix/configuration/configuration.nix +++ b/nix/configuration/configuration.nix @@ -134,6 +134,7 @@ tcpdump git-crypt nix-index-unwrapped + gnumake ]; services.openssh = { diff --git a/nix/configuration/roles/docker/default.nix b/nix/configuration/roles/docker/default.nix index f53af03..7210c31 100644 --- a/nix/configuration/roles/docker/default.nix +++ b/nix/configuration/roles/docker/default.nix @@ -13,6 +13,9 @@ enable = true; setSocketVariable = true; }; + environment.systemPackages = with pkgs; [ + docker-buildx + ]; environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { hideMounts = true; diff --git a/nix/configuration/roles/gpg/default.nix b/nix/configuration/roles/gpg/default.nix index b3dcfee..a829ae2 100644 --- a/nix/configuration/roles/gpg/default.nix +++ b/nix/configuration/roles/gpg/default.nix @@ -6,6 +6,14 @@ ... }: +let + gpg_test_wkd = + (pkgs.writeScriptBin "gpg_test_wkd" (builtins.readFile ./files/gpg_test_wkd.bash)).overrideAttrs + (old: { + buildCommand = "${old.buildCommand}\n patchShebangs $out"; + + }); +in { imports = [ ]; @@ -139,6 +147,7 @@ glibcLocales ccid libusb-compat-0_1 + gpg_test_wkd ]; # nixpkgs.overlays = [ diff --git a/nix/configuration/roles/gpg/files/gpg_test_wkd.bash b/nix/configuration/roles/gpg/files/gpg_test_wkd.bash new file mode 100644 index 0000000..6b79a8b 
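Review bot: In the `gpg_test_wkd` binding added to roles/gpg/default.nix, `patchShebangs $out` pins only the interpreter, so the script's `gpg` call is still resolved from whatever PATH the caller has at runtime. Since this tool exercises key retrieval, it would be better to tie it to the packaged GnuPG, for example `pkgs.writeShellApplication { name = "gpg_test_wkd"; runtimeInputs = [ pkgs.gnupg ]; text = builtins.readFile ./files/gpg_test_wkd.bash; }`. That builder also runs shellcheck at build time, which would presumably flag the unused `DIR` in the script. If the override is kept, a one-line comment such as `# writeScriptBin copies the file verbatim; patchShebangs rewrites /usr/bin/env bash to a store path` would explain why `buildCommand` is extended. The module body continues outside the hunk.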
--- /dev/null
+++ b/nix/configuration/roles/gpg/files/gpg_test_wkd.bash
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#
+# Test that we can retrieve a PGP key using Web Key Directory (WKD)
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"
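Review bot: The keyring path `/tmp/gpg-$$` on the `gpg` line is a PID-derived name in a world-writable directory, so the file may already exist (left over from an earlier run with the same PID, or created by another local user) and it is never removed afterwards. Because `--locate-keys` consults the local keyring before the `--auto-key-locate` methods, a keyring that already holds the address would let the test pass without querying the WKD at all. Use a private directory and clean it up: `keyring_dir="$(mktemp -d)"`, `trap 'rm -rf -- "$keyring_dir"' EXIT`, and `--keyring "$keyring_dir/test.kbx"` in place of the `/tmp` path. `DIR` is assigned but never read and can be dropped.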