ephase/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(gnupg): allow gpg as ssh-agent

Browse source 
Deactivate regular ssh-agent in NixOS confifurations
This commit is contained in:
Yorick Barbanneau 2025-04-04 23:56:13 +02:00
parent b4c25d7497
commit 141df5608d
3 changed files with 25 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

25
modules/home-manager/application/gnupg/default.nix
View file

@ -12,14 +12,19 @@ in
default = true; default = true;
description = "install password-store"; description = "install password-store";
}; };
enableSshSupport = mkOption {
type = types.bool;
default = false;
description = "enable GnuPG agent SSH support";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = with pkgs; [ home.packages = with pkgs; [
# pinentry-gnome # pinentry-gnome
gcr gcr
]; ];
programs.gpg = { programs.gpg = {
enable = true; enable = true;
scdaemonSettings = { scdaemonSettings = {
@ -31,9 +36,17 @@ in
enable = true; enable = true;
enableScDaemon = true; enableScDaemon = true;
enableZshIntegration = true; enableZshIntegration = true;
pinentry.package = pkgs.pinentry-gnome3; pinentryPackage = pkgs.pinentry-gnome3;
enableSshSupport = cfg.enableSshSupport;
}; };
home.sessionVariablesExtra = lib.mkIf cfg.enableSshSupport ''
if [[ -z "''${SSH_AUTH_SOCK}" ]]; then
export SSH_AUTH_SOCK="$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)"
fi
'';
services.ssh-agent.enable = if cfg.enableSshSupport then false else true;
programs.password-store = { programs.password-store = {
enable = cfg.pass; enable = cfg.pass;
}; };

11
nixos/includes/system/sshclient.nix
View file

@ -1,11 +0,0 @@
{pkgs, ...}:
{
environment.systemPackages = with pkgs; [
lxqt.lxqt-openssh-askpass
];
programs.ssh = {
startAgent = false;
enableAskPassword = true;
askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
}

12
nixos/includes/system/user.nix
View file

@ -1,17 +1,17 @@
{ config, pkgs, username, ... }: { pkgs, username, ... }:
{ {
# Services # Services
services.pcscd.enable = true; services.pcscd.enable = true;
# Programs # Programs
programs.ssh.startAgent = true; programs.ssh.startAgent = false;
programs.zsh.enable = true; programs.zsh.enable = true;
# Needed for home-manager systemd service # Needed for home-manager systemd service
programs.dconf.enable = true; programs.dconf.enable = true;
# Configs # Configs
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
users.users.${username} = { users.users.${username} = {
shell = pkgs.zsh; shell = pkgs.zsh;
isNormalUser = true; isNormalUser = true;