flake-parts: Almost done with yggdrasil

2025-10-28 00:17:33 +01:00 · 2025-10-28 00:17:33 +01:00 · ebc8a545c8
commit ebc8a545c8
parent d579c8ad2c
43 changed files with 2650 additions and 135 deletions
--- a/modules/base/system/gpg.nix
+++ b/modules/base/system/gpg.nix
@ -0,0 +1,61 @@
+{
+  flake.modules = {
+    nixos.base =
+      { pkgs, ... }:
+      let
+
+        reload-yubikey = pkgs.writeShellScriptBin "reload-yubikey" ''
+          ${pkgs.gnupg}/bin/gpg-connect-agent "scd serialno" "learn --force" /bye
+        '';
+      in
+      {
+        services.pcscd.enable = true;
+        services.udev.packages = with pkgs; [ yubikey-personalization ];
+
+        environment.systemPackages = with pkgs; [
+          cryptsetup
+          paperkey
+          gnupg
+          pinentry-curses
+          pinentry-qt
+
+          yubikey-manager
+          yubioath-flutter
+          reload-yubikey
+        ];
+
+        programs = {
+          ssh.startAgent = false;
+
+          gnupg.agent = {
+            enable = true;
+            enableSSHSupport = true;
+            enableExtraSocket = true;
+          };
+        };
+
+      };
+
+    homeManager.base =
+      { inputs, pkgs, ... }:
+      let
+        gpgConf = "${inputs.gpg-base-conf}/gpg.conf";
+
+        gpgAgentConf = ''
+          enable-ssh-support
+          default-cache-ttl 60
+          max-cache-ttl 120
+          pinentry-program ${pkgs.pinentry-qt}/bin/pinentry-qt
+        '';
+      in
+      {
+        home.file = {
+          ".gnupg/.keep".text = "";
+
+          ".gnupg/gpg.conf".source = gpgConf;
+          ".gnupg/gpg-agent.conf".text = gpgAgentConf;
+          ".gnupg/scdeamon.conf".text = "disable-ccid";
+        };
+      };
+  };
+}