diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix index f081d73..b02c7cf 100644 --- a/modules/home/tools/git/default.nix +++ b/modules/home/tools/git/default.nix @@ -17,8 +17,7 @@ in userName = mkOpt types.str user.fullName "The name to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with."; signingKey = - mkOpt types.str "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4iH29edivUi+k94apb6pasWq8qphfhYo0d6B2GhISf" - "The pub key to sign commits with."; + mkOpt types.str "6995A5FF33791B7B" "The pub key to sign commits with."; signByDefault = mkOpt types.bool true "Whether to sign commits by default."; }; @@ -44,10 +43,6 @@ in safe = { directory = "${user.home}/projects/config"; }; - gpg = { - format = "ssh"; - "ssh".program = "${pkgs._1password-gui}/bin/op-ssh-sign"; - }; }; }; }; diff --git a/modules/nixos/graphical-interface/desktop-manager/hyprland/default.nix b/modules/nixos/graphical-interface/desktop-manager/hyprland/default.nix new file mode 100644 index 0000000..143b3dd --- /dev/null +++ b/modules/nixos/graphical-interface/desktop-manager/hyprland/default.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; +with lib.wyrdgard; +let + cfg = config.wyrdgard.graphical-interface.desktop-manager.hyprland; +in +{ + options.wyrdgard.graphical-interface.desktop-manager.hyprland = with types; { + enable = mkEnableOption "Whether to enable hyprland"; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ polkit xdg-desktop-portal-hyprland dconf ]; + + services.xserver = enabled; + + programs.hyprland = { + enable = true; + xwayland.enable = true; + }; + }; +} diff --git a/modules/nixos/security/gpg/default.nix b/modules/nixos/security/gpg/default.nix index dd56a48..7661d1f 100644 --- a/modules/nixos/security/gpg/default.nix +++ b/modules/nixos/security/gpg/default.nix 
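Review bot: The new `signingKey` default `6995A5FF33791B7B` in modules/home/tools/git/default.nix is a 64-bit long key ID rather than a full fingerprint, and the option text beside it still says "The pub key to sign commits with." although the value is no longer a public key. A long key ID offers far weaker collision resistance than a fingerprint, so gpg could pick a different key carrying the same ID if one is ever imported into the keyring. Pinning the full 40-hex-character fingerprint avoids that, e.g. `mkOpt types.str "<FULL_FINGERPRINT_PLACEHOLDER>" "The OpenPGP key fingerprint to sign commits with.";`. The same default is introduced in modules/nixos/tools/git/default.nix and should change with it.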
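Review bot: In the new hyprland module, `mkEnableOption "Whether to enable hyprland"` will render as "Whether to enable Whether to enable hyprland." because `mkEnableOption` already prepends that phrase; pass only the name, `enable = mkEnableOption "hyprland";`. `xwayland.enable = true` keeps the X11 compatibility path on, where X11 clients are not isolated from each other's input and window contents, so a short comment naming the applications that need it would help a later reader decide whether it can be switched off. The `polkit`, `xdg-desktop-portal-hyprland` and `dconf` entries in `environment.systemPackages` look redundant with what `programs.hyprland.enable` already sets up in nixpkgs; worth confirming and dropping them if so.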
@@ -19,6 +19,10 @@ let max-cache-ttl 120 pinentry-program ${pkgs.pinentry-qt}/bin/pinentry-qt ''; + + reload-yubikey = pkgs.writeShellScriptBin "reload-yubikey" '' + ${pkgs.gnupg}/bin/gpg-connect-agent "scd serialno" "learn --force" /bye + ''; in { options.wyrdgard.security.gpg = with types; { @@ -27,11 +31,19 @@ in }; config = mkIf cfg.enable { + services.pcscd.enable = true; + services.udev.packages = with pkgs; [ yubikey-personalization ]; + environment.systemPackages = with pkgs; [ + cryptsetup paperkey gnupg pinentry-curses pinentry-qt + + yubikey-manager + yubikey-manager-qt + reload-yubikey ]; programs = { @@ -50,6 +62,8 @@ in ".gnupg/gpg.conf".source = gpgConf; ".gnupg/gpg-agent.conf".text = gpgAgentConf; + ".gnupg/scdeamon.conf".text = "disable-ccid"; + # YUBIKEYCERTIFYPASSWORD }; }; }; diff --git a/modules/nixos/tools/git/default.nix b/modules/nixos/tools/git/default.nix index 3259b87..5905d8d 100644 --- a/modules/nixos/tools/git/default.nix +++ b/modules/nixos/tools/git/default.nix @@ -17,8 +17,7 @@ in userName = mkOpt types.str user.fullName "The name to use git with"; userEmail = mkOpt types.str user.email "The email to use git with"; signingKey = - mkOpt types.str "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4iH29edivUi+k94apb6pasWq8qphfhYo0d6B2GhISf" - "The key ID to sign commits with."; + mkOpt types.str "6995A5FF33791B7B" "The key ID to sign commits with."; }; config = mkIf cfg.enable { @@ -34,7 +33,7 @@ in lfs.enable = true; signing = { key = cfg.signingKey; - signByDefault = mkIf _1password.enable true; + signByDefault = mkIf gpg.enable true; }; extraConfig = { init = { @@ -49,10 +48,6 @@ in safe = { directory = "${config.users.users.${user.name}.home}/projects/config"; }; - gpg = { - format = "ssh"; - "ssh".program = "${pkgs._1password-gui}/bin/op-ssh-sign"; - }; }; }; }; diff --git a/systems/x86_64-linux/yggdrasil/default.nix b/systems/x86_64-linux/yggdrasil/default.nix index 127da02..3751284 100644 --- a/systems/x86_64-linux/yggdrasil/default.nix 
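Review bot: The `reload-yubikey` wrapper added to the `let` block has no comment explaining why it exists, and the `learn --force` call is not self-explanatory. A line above the binding such as `# Re-read the inserted card and rebuild gpg-agent's key stubs, e.g. after swapping to a second token that holds the same keys.` would document it. Calling `${pkgs.gnupg}` by store path is good practice; since the `programs.gnupg` part of the module lies outside this hunk, it is worth confirming that the running agent comes from the same gnupg package.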
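Review bot: `services.pcscd.enable`, the YubiKey udev rules and the `yubikey-manager` tools are all switched on under the single `cfg.enable` flag, so every host that enables this gpg module also runs the PC/SC daemon whether or not it ever sees a token. A separate switch would keep the smart-card surface off machines that only use software keys, for example an option `yubikey.enable = mkOpt types.bool false "Whether to enable YubiKey support.";` with the new lines wrapped in `mkIf cfg.yubikey.enable`. `cryptsetup` is unrelated to GnuPG and probably belongs in a different module.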
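Review bot: The file name `.gnupg/scdeamon.conf` is misspelled; scdaemon reads `scdaemon.conf`, so `disable-ccid` is never applied and scdaemon's built-in CCID driver can still compete for the reader with the pcscd service this commit enables. The line should read `".gnupg/scdaemon.conf".text = "disable-ccid";`. The `# YUBIKEYCERTIFYPASSWORD` comment looks like a leftover marker; if it stands for a passphrase to be filled in later, that value must not be written into this file, because anything that ends up in the Nix store is world-readable.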
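Review bot: `signByDefault = mkIf gpg.enable true;` in modules/nixos/tools/git/default.nix relies on a `gpg` binding that is not visible in this hunk. The replaced line used `_1password`, so whatever `let` or `inherit` supplied that name (outside the hunk) must now provide `gpg`, presumably from `config.wyrdgard.security`, or evaluation fails with an undefined variable. `key = cfg.signingKey` is still set unconditionally, so on a host without the gpg module commits are silently left unsigned; a comment such as `# Signing is only the default where the gpg module provides an agent.` would make that intent explicit.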
+++ b/systems/x86_64-linux/yggdrasil/default.nix @@ -36,6 +36,8 @@ with lib.wyrdgard; gpu.nvidia = enabled; }; }; + + security.gpg = enabled; }; system.stateVersion = "23.11";