clerie/nixfiles
1
0
Fork 0
Code Activity

profiles/gpg-ssh: Move gpg-ssh to profiles

Browse Source
This commit is contained in:
clerie
2025-06-29 11:51:27 +02:00
parent 4bf030c006
commit 60e80ab2e9
5 changed files with 68 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configuration/desktop/ssh.nix
View File

@@ -2,9 +2,8 @@
{ {
imports = [ profiles.clerie.gpg-ssh.enable = true;
../../configuration/gpg-ssh
];
programs.gnupg.agent = { programs.gnupg.agent = {
pinentryPackage = pkgs.pinentry-gtk2; pinentryPackage = pkgs.pinentry-gtk2;
}; };

51
configuration/gpg-ssh/default.nix
View File

@@ -1,51 +0,0 @@
{ pkgs, lib, ... }:
let
custom_gnupg = pkgs.gnupg.overrideAttrs (final: prev: {
configureFlags = prev.configureFlags ++ [
# Make sure scdaemon never ever again tries to use its own ccid driver
"--disable-ccid-driver"
];
});
in {
programs.gnupg.package = custom_gnupg;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = lib.mkDefault pkgs.pinentry-curses;
};
environment.systemPackages = with pkgs; [
custom_gnupg
yubikey-personalization
openpgp-card-tools
# Add wrapper around ssh that takes the gnupg ssh-agent
# instead of gnome-keyring
ssh-gpg
];
services.pcscd.enable = true;
# pcscd sometimes breaks and seem to need a manual restart
# so we allow users to restart that service themself
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units"
&& action.lookup("unit") == "pcscd.service"
&& action.lookup("verb") == "restart"
&& subject.isInGroup("users")
) {
return polkit.Result.YES;
}
});
'';
services.udev.packages = with pkgs; [
yubikey-personalization
];
}

2
hosts/_iso/configuration.nix
View File

@@ -3,9 +3,9 @@
{ {
imports = [ imports = [
(modulesPath + "/installer/cd-dvd/installation-cd-base.nix") (modulesPath + "/installer/cd-dvd/installation-cd-base.nix")
../../configuration/gpg-ssh
]; ];
profiles.clerie.gpg-ssh.enable = true;
profiles.clerie.network-fallback-dhcp.enable = true; profiles.clerie.network-fallback-dhcp.enable = true;
# systemd in initrd is broken with ISOs # systemd in initrd is broken with ISOs

1
profiles/default.nix
View File

@@ -12,6 +12,7 @@
./dn42-router ./dn42-router
./fem-net ./fem-net
./firefox ./firefox
./gpg-ssh
./hetzner-cloud ./hetzner-cloud
./hydra-build-machine ./hydra-build-machine
./mercury-vm ./mercury-vm

64
profiles/gpg-ssh/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.profiles.clerie.gpg-ssh;
custom_gnupg = pkgs.gnupg.overrideAttrs (final: prev: {
configureFlags = prev.configureFlags ++ [
# Make sure scdaemon never ever again tries to use its own ccid driver
"--disable-ccid-driver"
];
});
in {
options.profiles.clerie.gpg-ssh = {
enable = mkEnableOption "SSH integration for GPG";
};
config = mkIf config.profiles.clerie.gpg-ssh.enable {
programs.gnupg.package = custom_gnupg;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = lib.mkDefault pkgs.pinentry-curses;
};
environment.systemPackages = with pkgs; [
custom_gnupg
yubikey-personalization
openpgp-card-tools
# Add wrapper around ssh that takes the gnupg ssh-agent
# instead of gnome-keyring
ssh-gpg
];
services.pcscd.enable = true;
# pcscd sometimes breaks and seem to need a manual restart
# so we allow users to restart that service themself
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units"
&& action.lookup("unit") == "pcscd.service"
&& action.lookup("verb") == "restart"
&& subject.isInGroup("users")
) {
return polkit.Result.YES;
}
});
'';
services.udev.packages = with pkgs; [
yubikey-personalization
];
};
}