[Services/GnuPG] Move all configuration in dedicated file

2026-04-05 17:27:50 +00:00 · 2023-04-05 09:41:53 +02:00 · 2023-04-05 09:41:53 +02:00 · 9977f0c62d
commit 9977f0c62d
parent 3fa8298db2
4 changed files with 35 additions and 32 deletions
--- a/general.nix
+++ b/general.nix
@ -104,34 +104,10 @@ in
    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    programs.mtr.enable = true;
-    programs.gnupg.agent = {
-      enable = true;
-      enableSSHSupport = true;
-    };
    
-    systemd.user.services.gpg-agent = let
-      pinentrySwitcher = pkgs.callPackage ./packages/pinentry.nix {};
-      cfg = config.programs.gnupg;
-    in {
-      restartTriggers = [ pinentrySwitcher ];
-      restartIfChanged = true;
-    
-      serviceConfig.ExecStart = [ "" ''
-        ${cfg.package}/bin/gpg-agent --supervised \
-          --pinentry-program ${pinentrySwitcher}/bin/pinentry
-        '' ];
-    };
-
    documentation.man.generateCaches = true;


-    environment.shellInit = concatStringsSep "\n" [
-      ''export GPG_TTY="$(tty)"''
-      ''gpg-connect-agent /bye''
-      ''export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"''
-    ];
-
-
    # zram is so usefull, we should always have it enabled.
    zramSwap = {
      enable = true;
--- a/services.nix
+++ b/services.nix
@ -183,14 +183,6 @@ in {
      };
    };

-    programs.gnupg = {
-      agent.enable = true;
-      dirmngr.enable = true;
-      agent.pinentryFlavor = "curses";
-      agent.enableSSHSupport = true;
-      agent.enableExtraSocket = true;
-      agent.enableBrowserSocket = true;
-    };
    programs.ssh.startAgent = false;

    # SmartCards
--- a/services/default.nix
+++ b/services/default.nix
@ -2,5 +2,6 @@
 {
  imports = [
    ./jupyterhub.nix
+    ./gnupg.nix
  ];
 }
--- a/services/gnupg.nix
+++ b/services/gnupg.nix
@ -0,0 +1,34 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+  config = {
+
+    programs.gnupg = {
+      agent.enable = true;
+      dirmngr.enable = true;
+      agent.pinentryFlavor = "curses"; # overriden anyway
+      agent.enableSSHSupport = true;
+      agent.enableExtraSocket = true;
+      agent.enableBrowserSocket = true;
+    };
+
+    environment.shellInit = ''
+      export GPG_TTY="$(tty)"
+      gpg-connect-agent /bye
+      export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+    '';
+  
+    systemd.user.services.gpg-agent = let
+      pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {};
+      cfg = config.programs.gnupg;
+    in {
+      restartTriggers = [ pinentrySwitcher ];
+      restartIfChanged = true;
+    
+      serviceConfig.ExecStart = [ "" ''
+        ${cfg.package}/bin/gpg-agent --supervised \
+          --pinentry-program ${pinentrySwitcher}/bin/pinentry
+        '' ];
+    };
+  };
+}