mirror of
https://github.com/itme-brain/nixos.git
synced 2026-03-23 16:29:42 -04:00
50 lines
1.2 KiB
Nix
50 lines
1.2 KiB
Nix
{ pkgs, lib, config, osConfig, ... }:
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.modules.user.security.gpg;
|
|
wm = config.modules.user.gui.wm;
|
|
gui = {
|
|
enable = builtins.any (mod: mod.enable or false) (builtins.attrValues wm);
|
|
};
|
|
|
|
in
|
|
{ options.modules.user.security.gpg = { enable = mkEnableOption "Enable GPG module"; };
|
|
config = mkIf cfg.enable {
|
|
programs.gpg = {
|
|
enable = true;
|
|
# Use pcscd instead of direct CCID access (avoids conflicts with age-plugin-yubikey)
|
|
scdaemonSettings = mkIf osConfig.services.pcscd.enable {
|
|
disable-ccid = true;
|
|
};
|
|
publicKeys = [
|
|
{
|
|
text = "${config.user.keys.pgp.yubikey}";
|
|
trust = 5;
|
|
}
|
|
] ++ optionals (osConfig.networking.hostName == "workstation") [
|
|
{
|
|
text = "${config.user.keys.pgp.work}";
|
|
trust = 5;
|
|
}
|
|
{
|
|
text = "${config.user.keys.pgp.company}";
|
|
trust = 5;
|
|
}
|
|
];
|
|
};
|
|
|
|
services.gpg-agent = {
|
|
enable = true;
|
|
enableSshSupport = true;
|
|
enableBashIntegration = true;
|
|
enableScDaemon = true;
|
|
|
|
pinentry.package =
|
|
if gui.enable then
|
|
pkgs.pinentry-gnome3
|
|
else
|
|
pkgs.pinentry-tty;
|
|
};
|
|
};
|
|
}
|