aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-06 01:38:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[Services/GnuPG] Move all configuration in dedicated file

Browse source
This commit is contained in:
Antoine Viallon 2023-04-05 09:41:53 +02:00
parent 3fa8298db2
commit 9977f0c62d
Signed by: aviallon
GPG key ID: 186FC35EDEB25716
4 changed files with 35 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

24
general.nix
View file

@ -104,34 +104,10 @@ in
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
programs.mtr.enable = true; programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
systemd.user.services.gpg-agent = let
pinentrySwitcher = pkgs.callPackage ./packages/pinentry.nix {};
cfg = config.programs.gnupg;
in {
restartTriggers = [ pinentrySwitcher ];
restartIfChanged = true;
serviceConfig.ExecStart = [ "" ''
${cfg.package}/bin/gpg-agent --supervised \
--pinentry-program ${pinentrySwitcher}/bin/pinentry
'' ];
};
documentation.man.generateCaches = true; documentation.man.generateCaches = true;
environment.shellInit = concatStringsSep "\n" [
''export GPG_TTY="$(tty)"''
''gpg-connect-agent /bye''
''export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"''
];
# zram is so usefull, we should always have it enabled. # zram is so usefull, we should always have it enabled.
zramSwap = { zramSwap = {
enable = true; enable = true;

8
services.nix
View file

@ -183,14 +183,6 @@ in {
}; };
}; };
programs.gnupg = {
agent.enable = true;
dirmngr.enable = true;
agent.pinentryFlavor = "curses";
agent.enableSSHSupport = true;
agent.enableExtraSocket = true;
agent.enableBrowserSocket = true;
};
programs.ssh.startAgent = false; programs.ssh.startAgent = false;
# SmartCards # SmartCards

1
services/default.nix
View file

@ -2,5 +2,6 @@
{ {
imports = [ imports = [
./jupyterhub.nix ./jupyterhub.nix
./gnupg.nix
]; ];
} }

34
services/gnupg.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, pkgs, lib, ... }:
with lib;
{
config = {
programs.gnupg = {
agent.enable = true;
dirmngr.enable = true;
agent.pinentryFlavor = "curses"; # overriden anyway
agent.enableSSHSupport = true;
agent.enableExtraSocket = true;
agent.enableBrowserSocket = true;
};
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
systemd.user.services.gpg-agent = let
pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {};
cfg = config.programs.gnupg;
in {
restartTriggers = [ pinentrySwitcher ];
restartIfChanged = true;
serviceConfig.ExecStart = [ "" ''
${cfg.package}/bin/gpg-agent --supervised \
--pinentry-program ${pinentrySwitcher}/bin/pinentry
'' ];
};
};
}