#6 trying to sign commits

2024-04-07 16:12:04 +02:00 · 2024-04-07 16:12:04 +02:00 · c913825739
commit c913825739
parent 579a4a985e
7 changed files with 117 additions and 11 deletions
--- a/modules/nixos/security/gpg/default.nix
+++ b/modules/nixos/security/gpg/default.nix
@ -0,0 +1,56 @@
+{
+  options,
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+with lib;
+with lib.wyrdgard;
+let
+  cfg = config.wyrdgard.security.gpg;
+
+  gpgConf = "${inputs.gpg-base-conf}/gpg.conf";
+
+  gpgAgentConf = ''
+    enable-ssh-support
+    default-cache-ttl 60
+    max-cache-ttl 120
+    pinentry-program ${pkgs.pinentry-qt}/bin/pinentry-qt
+  '';
+in
+{
+  options.wyrdgard.security.gpg = with types; {
+    enable = mkBoolOpt false "Wether or not to enable GPG.";
+    agentTimeout = mkOpt int 5 "The amount of time to wait before continuing with shell init.";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      paperkey
+      gnupg
+      pinentry-curses
+      pinentry-qt
+    ];
+
+    programs = {
+      ssh.startAgent = false;
+
+      gnupg.agent = {
+        enable = true;
+        enableSSHSupport = true;
+        enableExtraSocket = true;
+      };
+    };
+
+    wyrdgard = {
+      home.file = {
+        ".gnupg/.keep".text = "";
+
+        ".gnupg/gpg.conf".source = gpgConf;
+        ".gnupg/gpg-agent.conf".text = gpgAgentConf;
+      };
+    };
+  };
+}