Add a script to test fetching PGP keys from a Web Key Directory (WKD).

nix/configuration/configuration.nix

@@ -134,6 +134,7 @@
     tcpdump
     git-crypt
     nix-index-unwrapped
+    gnumake
   ];
 
   services.openssh = {

nix/configuration/roles/docker/default.nix

@@ -13,6 +13,9 @@
     enable = true;
     setSocketVariable = true;
   };
+  environment.systemPackages = with pkgs; [
+    docker-buildx
+  ];
 
   environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
     hideMounts = true;

nix/configuration/roles/gpg/default.nix

@@ -6,6 +6,14 @@
   ...
 }:
 
+let
+  gpg_test_wkd =
+    (pkgs.writeScriptBin "gpg_test_wkd" (builtins.readFile ./files/gpg_test_wkd.bash)).overrideAttrs
+      (old: {
+        buildCommand = "${old.buildCommand}\n patchShebangs $out";
+
+      });
+in
 {
   imports = [ ];
 
@@ -139,6 +147,7 @@
     glibcLocales
     ccid
     libusb-compat-0_1
+    gpg_test_wkd
   ];
 
   # nixpkgs.overlays = [

nix/configuration/roles/gpg/files/gpg_test_wkd.bash

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#
+# Test that we can retrieve a PGP key using Web Key Directory (WKD)
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"