Moves home-manager configuration into the flake under home/sonja/, integrating git, GPG agent, and package config. Fixes deprecated home-manager options and removes nixpkgs.config override incompatible with useGlobalPkgs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
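# Home-manager module: GnuPG with smartcard access through pcscd, and
# gpg-agent doubling as the SSH agent. Everything under `config` is applied
# only when custom.pgp.enable is set.
{ config, lib, pkgs, ... }:

let
  cfg = config.custom.pgp;
in {
  # mkEnableOption prepends "Whether to enable " to this text, so it takes a
  # noun phrase rather than a sentence starting with "Enable".
  options.custom.pgp.enable =
    lib.mkEnableOption "GnuPG with smartcard support (gpg-agent, scdaemon via pcscd)";

  config = lib.mkIf cfg.enable {
    # 1. Configure the agent
    services.gpg-agent = {
      enable = true;
      # gpg-agent also answers SSH agent requests, so authentication subkeys
      # it manages can be used for SSH logins.
      enableSshSupport = true;
      enableZshIntegration = true;
      pinentry.package = pkgs.pinentry-curses;

      # 'disable-scdaemon' is intentionally absent: the agent must be able to
      # start scdaemon for the scdaemon settings below to have any effect.
      #
      # allow-loopback-pinentry lets a client that runs gpg with
      # --pinentry-mode loopback hand the passphrase to the agent itself
      # instead of going through pinentry.
      # NOTE(review): recent GnuPG releases already permit this by default, so
      # the line may be redundant; if loopback is not needed, the agent option
      # to forbid it is no-allow-loopback-pinentry. Confirm which is intended.
      extraConfig = ''
        allow-loopback-pinentry
      '';
    };

    # 2. GPG and scdaemon settings
    programs.gpg = {
      enable = true;

      # Bridge to pcscd: turn off scdaemon's built-in CCID driver and load the
      # PC/SC client library from pcsclite instead. Declared through
      # scdaemonSettings so scdaemon.conf is written into whatever
      # programs.gpg.homedir points at, not a hard-coded ~/.gnupg.
      # NOTE(review): this module does not start a pcscd daemon; presumably
      # the system configuration enables it. Confirm, otherwise no reader or
      # token will be visible to scdaemon.
      scdaemonSettings = {
        disable-ccid = true;
        pcsc-driver = "${pkgs.pcsclite.lib}/lib/libpcsclite.so.1";
      };

      # Flag-style options are written as booleans: `true` renders the bare
      # option name, whereas a string value renders "name value" and an empty
      # string leaves a trailing space in gpg.conf.
      settings = {
        use-agent = true;

        # Algorithm preferences for this user's own operations.
        personal-cipher-preferences = "AES256 AES192 AES";
        personal-digest-preferences = "SHA512 SHA384 SHA256";
        cert-digest-algo = "SHA512";

        # Passphrase-to-key derivation used for passphrase-protected data.
        s2k-digest-algo = "SHA512";
        s2k-cipher-algo = "AES256";

        charset = "utf-8";
        fixed-list-mode = true;

        # Keep version and comment strings out of ASCII-armored output.
        no-comments = true;
        no-emit-version = true;
        no-greeting = true;

        # Show long key IDs, fingerprints and UID validity in listings and
        # verification output.
        keyid-format = "0xlong";
        list-options = "show-uid-validity";
        verify-options = "show-uid-validity";
        with-fingerprint = true;

        # Require signing subkeys to carry a back-signature from the primary key.
        require-cross-certification = true;
        # Do not cache passphrases used for symmetric operations.
        no-symkey-cache = true;
      };
    };

    home.packages = [ pkgs.gnupg pkgs.pcsclite ];
  };
}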