fix: programs.gpg-agent do not support darwin, running gnupg agent at system level

2026-03-24 01:41:00 +01:00 · 2024-01-10 13:21:05 +08:00
parent 228a7099d0
commit f166761af7
3 changed files with 25 additions and 16 deletions
--- a/home/base/desktop/gpg/default.nix
+++ b/home/base/desktop/gpg/default.nix
@@ -1,35 +1,30 @@
-{pkgs, config, mysecrets, ...}: {
+{
+  config,
+  mysecrets,
+  ...
+}: {
  programs.gpg = {
    enable = true;
    homedir = "${config.home.homeDirectory}/.gnupg";
    #  $GNUPGHOME/trustdb.gpg stores all the trust level you specified in `programs.gpg.publicKeys` option.
-    # 
+    #
    # If set `mutableTrust` to false, the path $GNUPGHOME/trustdb.gpg will be overwritten on each activation.
    # Thus we can only update trsutedb.gpg via home-manager.
    mutableTrust = true;

    # $GNUPGHOME/pubring.kbx stores all the public keys you specified in `programs.gpg.publicKeys` option.
-    #  
+    #
    # If set `mutableKeys` to false, the path $GNUPGHOME/pubring.kbx will become an immutable link to the Nix store, denying modifications.
    # Thus we can only update pubring.kbx via home-manager
    mutableKeys = true;
    publicKeys = [
      # https://www.gnupg.org/gph/en/manual/x334.html
-      { source = "${mysecrets}/public/ryan4yin-gpg-keys.pub"; trust = 5; }  # ultimate trust, my own keys.
+      {
+        source = "${mysecrets}/public/ryan4yin-gpg-keys.pub";
+        trust = 5;
+      } # ultimate trust, my own keys.
    ];
    settings = {
-      
    };
  };
-
-  home.packages = with pkgs; [
-    pinentry-curses
-  ];
-  services.gpg-agent = {
-    enable = true;
-    pinentryFlavor =  "curses";
-    enableSshSupport = false;
-    grabKeyboardAndMouse = true;
-    enableScDaemon = false; # enable Smartcard daemon for the GnuPG system 
-  };
 }
--- a/modules/darwin/security.nix
+++ b/modules/darwin/security.nix
@@ -0,0 +1,7 @@
+{
+  # https://github.com/LnL7/nix-darwin/blob/master/modules/programs/gnupg.nix
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = false;
+  };
+}
--- a/modules/nixos/desktop/security.nix
+++ b/modules/nixos/desktop/security.nix
@@ -11,4 +11,11 @@
  # security with gnome-kering
  services.gnome.gnome-keyring.enable = true;
  security.pam.services.greetd.enableGnomeKeyring = true;
+
+  # gpg agent with pinentry
+  programs.gnupg.agent = {
+    eanble = true;
+    pinentryFlavor =  "curses";
+    enableSSHSupport = false;
+  };
 }