bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-03-24 08:39:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos/user/modules/security/gpg/default.nix
Bryan Ramos 14efa80cab refactor: reorganize flake structure and consolidate user config 
Directory structure:
- Move from src/ to root level (system/, user/)
- Remove unused machines (workstation, vm, laptop)

User configuration:
- Add user/home.nix for shared defaults (pass, essentials, default modules)
- Centralize user options in user/default.nix
- Move submodules to consistent paths (bash/bash, git/git, neovim/nvim, vim/vim)

Module reorganization:
- Flatten nested module structures (remove /modules/ subdirs)
- Split CLI vs GUI tools (dev/ for CLI, gui/dev/ for GUI)
- Move neovim/vim to top-level modules (not under utils/)
- Remove security.enable - pass now in user/home.nix
- Remove utils.enable - essentials now in user/home.nix
- Add security/yubikey module with yubikey-manager, age-plugin-yubikey
- Move pcb, design to gui/dev/
- Replace penpot docker wrapper with nixpkgs penpot-desktop
- Remove i3 config
- Remove deprecated wsl.nativeSystemd option

GUI improvements:
- Browser-focused mimeApps in gui/default.nix
- Each WM handles its own auto-start via profileExtra

Cleanup:
- Update README with new structure
- Update justfile paths and valid systems
- Fix submodule paths in .gitmodules
2026-03-14 15:50:57 -04:00

49 lines
1.1 KiB
Nix
Raw Blame History

{ pkgs, lib, config, osConfig, ... }:
with lib;
let
cfg = config.modules.user.security.gpg;
wm = config.modules.user.gui.wm;
gui = {
enable = builtins.any (mod: mod.enable or false) (builtins.attrValues wm);
};
in
{ options.modules.user.security.gpg = { enable = mkEnableOption "Enable GPG module"; };
config = mkIf cfg.enable {
programs.gpg = {
enable = true;
scdaemonSettings = {
disable-ccid = true;
};
publicKeys = [
{
text = "${config.user.keys.pgp.yubikey}";
trust = 5;
}
] ++ optionals (osConfig.networking.hostName == "workstation") [
{
text = "${config.user.keys.pgp.work}";
trust = 5;
}
{
text = "${config.user.keys.pgp.ccur}";
trust = 5;
}
];
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
enableBashIntegration = true;
enableScDaemon = true;
pinentry.package =
if gui.enable then
pkgs.pinentry-gnome3
else
pkgs.pinentry-tty;
};
};
}
Reference in a new issue View git blame Copy permalink