os/modules/crypto/default.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

48 lines
1.1 KiB
Nix
Raw Permalink Normal View History

2021-05-30 19:10:28 +00:00
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.crypto;
in {
options.pub-solar.crypto = {
enable = mkEnableOption "Life in private";
};
config = mkIf cfg.enable {
services.udev.packages = [pkgs.yubikey-personalization];
services.dbus.packages = [pkgs.gcr];
services.pcscd.enable = true;
services.gnome.gnome-keyring.enable = true;
2022-05-06 16:36:22 +00:00
environment.shellInit = ''
gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
'';
2021-05-30 19:10:28 +00:00
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;
services.gpg-agent = {
enable = true;
2022-05-06 16:36:22 +00:00
enableSshSupport = true;
2021-05-30 19:10:28 +00:00
pinentryFlavor = "gnome3";
verbose = true;
};
programs.gpg = {
enable = true;
};
home.packages = [
gnome.seahorse
2021-05-30 19:10:28 +00:00
keepassxc
];
2022-05-06 16:36:22 +00:00
};
2021-05-30 19:10:28 +00:00
};
}