Use gpg-agent as ssh agent

2023-12-20 23:32:44 +01:00 · 2023-12-20 23:32:44 +01:00 · 0318ca56f9
parent 9107ce034c
commit 0318ca56f9
3 changed files with 18 additions and 4 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -98,10 +98,6 @@
      # Support for exotic file systems
      boot.supportedFilesystems = lib.optional config.sbruder.full "ntfs";

-      # Authentication/Encryption agents
-      programs.gnupg.agent.enable = true;
-      programs.ssh.startAgent = true;
-
      # When this is set to true (default), routing everything through a
      # wireguard tunnel does not work.
      networking.firewall.checkReversePath = false;
--- a/modules/gui.nix
+++ b/modules/gui.nix
@ -52,4 +52,7 @@ lib.mkIf config.sbruder.gui.enable {
      mode = "440";
    };
  };
+
+  # required for pinentry-gnome3
+  services.dbus.packages = [ pkgs.gcr ];
 }
--- a/users/simon/modules/gpg.nix
+++ b/users/simon/modules/gpg.nix
@ -1,3 +1,5 @@
+{ nixosConfig, ... }:
+
 {
  programs.gpg = {
    enable = true;
@ -5,4 +7,17 @@
      default-key = "47E7559E037A35652DBBF8AA8D3C82F9F309F8EC";
    };
  };
+
+  services.gpg-agent = rec {
+    enable = true;
+    enableZshIntegration = true;
+    enableSshSupport = true;
+
+    pinentryFlavor = if nixosConfig.sbruder.gui.enable then "gnome3" else "curses";
+
+    defaultCacheTtl = 300;
+    defaultCacheTtlSsh = defaultCacheTtl;
+    maxCacheTtl = 1800;
+    maxCacheTtlSsh = maxCacheTtl;
+  };
 }