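# Home Manager module (it sets home.* options): GnuPG, gpg-agent, optional
# use of gpg-agent as the SSH agent, and password-store.
{ lib, config, pkgs, ... }:

with lib;

let
  cfg = config.modules.application.gnupg;
in
{
  options.modules.application.gnupg = {
    # mkEnableOption already prefixes the text with "Whether to enable",
    # so the description names the feature only.
    enable = mkEnableOption "GnuPG and related utils";

    pass = mkOption {
      type = types.bool;
      default = true;
      description = "install password-store";
    };

    # Opt-in: when true, gpg-agent answers SSH authentication requests and
    # the stand-alone ssh-agent service below is switched off.
    enableSshSupport = mkOption {
      type = types.bool;
      default = false;
      description = "enable GnuPG agent SSH support";
    };
  };

  config = mkIf cfg.enable {

    home.packages = with pkgs; [
      # pinentry-gnome
      # NOTE(review): gcr is presumably here for pinentry-gnome3 -- confirm.
      gcr
    ];

    programs.gpg = {
      enable = true;
      scdaemonSettings = {
        # Turns off scdaemon's built-in CCID driver, so smartcard access has
        # to go through PC/SC. This module does not enable a pcscd service;
        # it must be provided elsewhere or card operations will fail.
        disable-ccid = true;
      };
      # Keyrings and private keys live here instead of ~/.gnupg.
      # NOTE(review): confirm the directory is owner-only (0700) after
      # activation; gpg warns about unsafe permissions otherwise.
      homedir = "${config.xdg.configHome}/gnupg";
    };

    services.gpg-agent = {
      enable = true;
      enableScDaemon = true;
      enableZshIntegration = true;
      pinentryPackage = pkgs.pinentry-gnome3;
      enableSshSupport = cfg.enableSshSupport;
    };

    # Point SSH clients at gpg-agent's SSH socket, but only when
    # SSH_AUTH_SOCK is still empty: a value already exported by another
    # agent or by SSH agent forwarding is left untouched and takes priority.
    # NOTE(review): `[[ ... ]]` needs bash or zsh; verify which shell sources
    # the session variables. services.gpg-agent.enableSshSupport may already
    # export this variable -- check for duplication.
    home.sessionVariablesExtra = lib.mkIf cfg.enableSshSupport ''
      if [[ -z "''${SSH_AUTH_SOCK}" ]]; then
        export SSH_AUTH_SOCK="$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)"
      fi
    '';

    # Exactly one SSH agent: ssh-agent runs only when gpg-agent is not
    # serving SSH. Note this enables ssh-agent whenever the module is on and
    # enableSshSupport is false.
    services.ssh-agent.enable = !cfg.enableSshSupport;

    programs.password-store = {
      enable = cfg.pass;
    };
  };
}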