From 0318ca56f93304126eb7e60ed3923041cee0ea77 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Wed, 20 Dec 2023 23:32:44 +0100
Subject: [PATCH] Use gpg-agent as ssh agent
---
 modules/default.nix | 4 ----
 modules/gui.nix | 3 +++
 users/simon/modules/gpg.nix | 15 +++++++++++++++
 3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/modules/default.nix b/modules/default.nix
index e8a3e8b..7373c26 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -98,10 +98,6 @@
 # Support for exotic file systems
 boot.supportedFilesystems = lib.optional config.sbruder.full "ntfs";
- # Authentication/Encryption agents
- programs.gnupg.agent.enable = true;
- programs.ssh.startAgent = true;
-
 # When this is set to true (default), routing everything through a
 # wireguard tunnel does not work.
 networking.firewall.checkReversePath = false;
diff --git a/modules/gui.nix b/modules/gui.nix
index 4585f61..d578f3f 100644
--- a/modules/gui.nix
+++ b/modules/gui.nix
@@ -52,4 +52,7 @@ lib.mkIf config.sbruder.gui.enable {
 mode = "440";
 };
 };
+
+ # required for pinentry-gnome3
+ services.dbus.packages = [ pkgs.gcr ];
 }
diff --git a/users/simon/modules/gpg.nix b/users/simon/modules/gpg.nix
index f38ad5d..8f9e689 100644
--- a/users/simon/modules/gpg.nix
+++ b/users/simon/modules/gpg.nix
@@ -1,3 +1,5 @@
+{ nixosConfig, ... }:
+
 {
 programs.gpg = {
 enable = true;
@@ -5,4 +7,17 @@
 default-key = "47E7559E037A35652DBBF8AA8D3C82F9F309F8EC";
 };
 };
+
+ services.gpg-agent = rec {
+ enable = true;
+ enableZshIntegration = true;
+ enableSshSupport = true;
+
+ pinentryFlavor = if nixosConfig.sbruder.gui.enable then "gnome3" else "curses";
+
+ defaultCacheTtl = 300;
+ defaultCacheTtlSsh = defaultCacheTtl;
+ maxCacheTtl = 1800;
+ maxCacheTtlSsh = maxCacheTtl;
+ };
 }
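Review bot: The new `{ nixosConfig, ... }:` header in users/simon/modules/gpg.nix ties this Home Manager module to evaluation from inside the NixOS module. As far as I know a standalone Home Manager evaluation does not supply `nixosConfig`, so the file would presumably fail to evaluate there. If that coupling is intended, a header comment would record it, e.g. `# nixosConfig is only passed when Home Manager runs as a NixOS module; read below to pick the pinentry`. The argument is consumed in the second hunk of this file (`pinentryFlavor`).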
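Review bot: With `enableSshSupport = true` in the `services.gpg-agent` block, gpg-agent answers SSH signing requests, and while a passphrase is cached (`defaultCacheTtlSsh` 300 s, capped by `maxCacheTtlSsh` 1800 s) the key is used without a prompt by anything that can reach the agent socket, including a remote host when agent forwarding is enabled. The hunk shows neither `sshKeys` nor an sshcontrol entry, so which keys are exposed, and whether any carries the `confirm` flag, cannot be told from here. Pinning the exposed keys with `sshKeys = [ "<KEYGRIP_PLACEHOLDER>" ];` and marking those used over forwarded sessions with `confirm` would make this explicit. A comment such as `# SSH cache TTLs deliberately mirror the GPG ones: 5 min idle, 30 min hard limit` would also explain the `rec`.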