os/modules/crypto/default.nix


# Smartcard (YubiKey), GnuPG agent and secret-storage setup for the
# pub-solar primary user.
{
  lib,
  config,
  pkgs,
  ...
}: let
  # Login name of the primary user, read from the pub-solar options.
  userName = config.pub-solar.user.name;
in {
  services = {
    # D-Bus service files shipped by gcr; presumably what the
    # pinentry-gnome3 prompt below talks to — TODO confirm.
    dbus.packages = [pkgs.gcr];

    # PC/SC daemon. scdaemon is pointed at it by the scdaemon.conf written
    # at the end of this module.
    pcscd.enable = true;

    # udev rules from yubikey-personalization.
    udev.packages = [pkgs.yubikey-personalization];

    gnome.gnome-keyring.enable = true;
  };

  hardware.gpgSmartcards.enable = true; # for yubikey

  users.users."${userName}".packages = [
    pkgs.libsecret
    pkgs.gnupg
  ];

  programs = {
    # The stock ssh-agent stays off because gpg-agent is given the SSH agent
    # role below, so only one agent answers SSH requests.
    ssh.startAgent = false;

    gnupg.agent = {
      enable = true;
      # SSH authentication is served by gpg-agent.
      enableSSHSupport = true;
      # The extra socket is gpg-agent's restricted socket, meant for
      # forwarding the agent to other hosts.
      # NOTE(review): switch this off if agent forwarding is not used on
      # this machine; every exposed socket is one more way to reach the keys.
      enableExtraSocket = true;
      pinentryPackage = pkgs.pinentry-gnome3;
    };
  };

  # scdaemon settings: `disable-ccid` turns off GnuPG's built-in CCID driver
  # so the card is reached through pcscd, and `reader-port` names the PC/SC
  # reader to use.
  home-manager.users."${userName}".home.file.".gnupg/scdaemon.conf".text = ''
    reader-port Yubico Yubi
    disable-ccid
  '';
}