[Services/GnuPG] Move all configuration in dedicated file

2026-04-05 17:27:50 +00:00 · 2023-04-05 09:41:53 +02:00 · 2023-04-05 09:41:53 +02:00 · 9977f0c62d
commit 9977f0c62d
parent 3fa8298db2
4 changed files with 35 additions and 32 deletions
--- a/services/default.nix
+++ b/services/default.nix
@ -2,5 +2,6 @@
 {
  imports = [
    ./jupyterhub.nix
+    ./gnupg.nix
  ];
 }
--- a/services/gnupg.nix
+++ b/services/gnupg.nix
@ -0,0 +1,34 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+  config = {
+
+    programs.gnupg = {
+      agent.enable = true;
+      dirmngr.enable = true;
+      agent.pinentryFlavor = "curses"; # overriden anyway
+      agent.enableSSHSupport = true;
+      agent.enableExtraSocket = true;
+      agent.enableBrowserSocket = true;
+    };
+
+    environment.shellInit = ''
+      export GPG_TTY="$(tty)"
+      gpg-connect-agent /bye
+      export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+    '';
+  
+    systemd.user.services.gpg-agent = let
+      pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {};
+      cfg = config.programs.gnupg;
+    in {
+      restartTriggers = [ pinentrySwitcher ];
+      restartIfChanged = true;
+    
+      serviceConfig.ExecStart = [ "" ''
+        ${cfg.package}/bin/gpg-agent --supervised \
+          --pinentry-program ${pinentrySwitcher}/bin/pinentry
+        '' ];
+    };
+  };
+}