feat(gnupg): allow gpg as ssh-agent

Deactivate regular ssh-agent in NixOS confifurations
2025-04-04 23:56:13 +02:00 · 2025-04-04 23:56:13 +02:00 · 141df5608d
commit 141df5608d
parent b4c25d7497
3 changed files with 25 additions and 23 deletions
--- a/modules/home-manager/application/gnupg/default.nix
+++ b/modules/home-manager/application/gnupg/default.nix
@ -12,14 +12,19 @@ in
      default = true;
      description = "install password-store";
    };
+
+    enableSshSupport = mkOption {
+      type = types.bool;
+      default = false;
+      description = "enable GnuPG agent SSH support";
+    };
  };
  config = mkIf cfg.enable {

-  home.packages = with pkgs; [
-    # pinentry-gnome
-    gcr
-  ];
-
+    home.packages = with pkgs; [
+      # pinentry-gnome
+      gcr
+    ];
    programs.gpg = {
      enable = true;
      scdaemonSettings = {
@ -31,9 +36,17 @@ in
      enable = true;
      enableScDaemon = true;
      enableZshIntegration = true;
-      pinentry.package = pkgs.pinentry-gnome3;
+      pinentryPackage = pkgs.pinentry-gnome3;
+      enableSshSupport = cfg.enableSshSupport;
    };

+    home.sessionVariablesExtra = lib.mkIf cfg.enableSshSupport ''
+      if [[ -z "''${SSH_AUTH_SOCK}" ]]; then
+        export SSH_AUTH_SOCK="$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)"
+      fi
+    '';
+
+    services.ssh-agent.enable = if cfg.enableSshSupport then false else true;
    programs.password-store = {
      enable = cfg.pass;
    };
--- a/nixos/includes/system/sshclient.nix
+++ b/nixos/includes/system/sshclient.nix
@ -1,11 +0,0 @@
-{pkgs, ...}:
-{
-  environment.systemPackages = with pkgs; [
-    lxqt.lxqt-openssh-askpass
-  ];
-  programs.ssh = {
-    startAgent = false;
-    enableAskPassword = true;
-    askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
-  };
-}
--- a/nixos/includes/system/user.nix
+++ b/nixos/includes/system/user.nix
@ -1,10 +1,10 @@
-{ config, pkgs, username, ... }:
+{ pkgs, username, ... }:
 {
  # Services
  services.pcscd.enable = true;

  # Programs
-  programs.ssh.startAgent = true;
+  programs.ssh.startAgent = false;
  programs.zsh.enable = true;
  # Needed for home-manager systemd service
  programs.dconf.enable = true;