starred/nix-config-ryan4yin
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-04-25 09:28:27 +02:00
Code Issues Packages Projects Releases 10 Wiki Activity

fix: programs.gpg-agent do not support darwin, running gnupg agent at system level

Browse Source
This commit is contained in:
Ryan Yin
2024-01-10 13:21:05 +08:00
parent 228a7099d0
commit f166761af7
3 changed files with 25 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
home/base/desktop/gpg/default.nix
View File

@@ -1,35 +1,30 @@
{pkgs, config, mysecrets, ...}: { {
config,
mysecrets,
...
}: {
programs.gpg = { programs.gpg = {
enable = true; enable = true;
homedir = "${config.home.homeDirectory}/.gnupg"; homedir = "${config.home.homeDirectory}/.gnupg";
# $GNUPGHOME/trustdb.gpg stores all the trust level you specified in `programs.gpg.publicKeys` option. # $GNUPGHOME/trustdb.gpg stores all the trust level you specified in `programs.gpg.publicKeys` option.
# #
# If set `mutableTrust` to false, the path $GNUPGHOME/trustdb.gpg will be overwritten on each activation. # If set `mutableTrust` to false, the path $GNUPGHOME/trustdb.gpg will be overwritten on each activation.
# Thus we can only update trsutedb.gpg via home-manager. # Thus we can only update trsutedb.gpg via home-manager.
mutableTrust = true; mutableTrust = true;
# $GNUPGHOME/pubring.kbx stores all the public keys you specified in `programs.gpg.publicKeys` option. # $GNUPGHOME/pubring.kbx stores all the public keys you specified in `programs.gpg.publicKeys` option.
# #
# If set `mutableKeys` to false, the path $GNUPGHOME/pubring.kbx will become an immutable link to the Nix store, denying modifications. # If set `mutableKeys` to false, the path $GNUPGHOME/pubring.kbx will become an immutable link to the Nix store, denying modifications.
# Thus we can only update pubring.kbx via home-manager # Thus we can only update pubring.kbx via home-manager
mutableKeys = true; mutableKeys = true;
publicKeys = [ publicKeys = [
# https://www.gnupg.org/gph/en/manual/x334.html # https://www.gnupg.org/gph/en/manual/x334.html
{ source = "${mysecrets}/public/ryan4yin-gpg-keys.pub"; trust = 5; } # ultimate trust, my own keys. {
source = "${mysecrets}/public/ryan4yin-gpg-keys.pub";
trust = 5;
} # ultimate trust, my own keys.
]; ];
settings = { settings = {
}; };
}; };
home.packages = with pkgs; [
pinentry-curses
];
services.gpg-agent = {
enable = true;
pinentryFlavor = "curses";
enableSshSupport = false;
grabKeyboardAndMouse = true;
enableScDaemon = false; # enable Smartcard daemon for the GnuPG system
};
} }

7
modules/darwin/security.nix Normal file
View File

@@ -0,0 +1,7 @@
{
# https://github.com/LnL7/nix-darwin/blob/master/modules/programs/gnupg.nix
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
};
}

7
modules/nixos/desktop/security.nix
View File

@@ -11,4 +11,11 @@
# security with gnome-kering # security with gnome-kering
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
security.pam.services.greetd.enableGnomeKeyring = true; security.pam.services.greetd.enableGnomeKeyring = true;
# gpg agent with pinentry
programs.gnupg.agent = {
eanble = true;
pinentryFlavor = "curses";
enableSSHSupport = false;
};
} }