From 54218c72783405cdfc2dffc5504b1154db1043f1 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Sun, 21 Jan 2024 20:58:25 +0100
Subject: [PATCH] Use Nitrokey as PGP smartcard
---
 modules/pubkeys.nix | 9 ++++++++-
 users/simon/modules/gpg.nix | 4 ++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/modules/pubkeys.nix b/modules/pubkeys.nix
index 3dd7ff2..b68d8eb 100644
--- a/modules/pubkeys.nix
+++ b/modules/pubkeys.nix
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2020-2022 Simon Bruder
+# SPDX-FileCopyrightText: 2020-2024 Simon Bruder
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
@@ -15,6 +15,10 @@ in
 "simon@hitagi" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1kQUoPII8A9/bgPA+OrZGQLPA8MxkdmPSCCsfGMh9qRZfF7BSD8W6VdE/28tLw+39QeUl1+/9VuVvGjZBP1zBAbKIcKx4DjtgxpNXCsfWMjXFtpTGk2dyl71CaY5n72YlADxXYwtEvuwfNixgE2yTCefMbBsfwqYC0GZGiDlFtjxdg+RuUC8jU++C+WFUFct9gj9ieQ0LWjud+Oh0AF0JhyGnou+wVZIIO8mwo7Cc5xiPldXhbc13XiNC3mpNGCLFj+nh1feazk8TeAVDBps6xaDkOd+hDwTBQh8LoimePK7MiShzLvC38Vd/sim5ym/IqY634CjqBDGCMp1KXnqHUTT8CqeifMv10+aRJKUPevVkO3nEE3VoSPt7Ui9ZzLnL4qhZyygoBau+PvD2WCWm+gRwBkvU1uNrYKi4HIGhB/gXcYHKJimqJwLMyqG5Wv1jfuhn3ZZN+uNqTgdAznGgPRU1Q/Mx6nMEDiQip78qdYEc0YGwdb/TldEL6aHRjuNuZPpTW+zakQHiQTRb/0VdZT1bAwyT9yL0Uf40h706Kh/pKiSQ1yq1dlSdl3RlfedbqLqGjspds1iRSrSXyH2MBghPbz/SF7Vt4LW/tXF0rcyV7CU98ZvxJDWeN60OE0vPf/AT5udYyfPO1691y0F8jGKxGYYPg9R/Y5o7J24PbQ==";
 "simon@mayushii" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJ7qUGZUjiDhQ6Se+aXr9DbgRTG2tx69owqVMkd2bna";
 "simon@nunotaba" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcOt4mAwIuAGMfRdfeoGX4UFkQDhkbihJcsAgG7JE/j";
+ # pgp key
+ "alpha" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1KsR0pgwLfhbP/BDeyb7CLnIqbWiaS52QKUOYLtioH"; # Nitrokey 3
+ "beta" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtp4pbIVjjXN7J277+pm5EyzIQVD5aHpoi45J1PNVCL"; # Nitrokey 3
+ "backup" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfsufQIdFzWK1B1uelCzt8XJaoublRPn1gjZvumSEr+"; # Offline backup key
 };
 };
 trustedNames = lib.mkOption {
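Review bot: The three added entries drop the `user@host` naming that every other key in this attribute set uses, and their only documentation is `# pgp key`, so nothing here says whose keys `alpha`, `beta` and `backup` are or how they relate to the PGP key. A name such as `"simon@nitrokey-alpha"` would keep the owner visible wherever the set is consumed. The comment could read `# SSH public keys exported from the OpenPGP authentication keys (gpg --export-ssh-key); update when a token or subkey is replaced`, assuming that is their origin, which the author should confirm. The same three names are repeated in the `trustedNames` hunk that follows and would need the matching rename. The attribute set opens above this hunk.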
@@ -24,6 +28,9 @@ in
 "simon@hitagi"
 "simon@mayushii"
 "simon@nunotaba"
+ "alpha"
+ "beta"
+ "backup"
 ];
 };
 trustedKeys = lib.mkOption {
diff --git a/users/simon/modules/gpg.nix b/users/simon/modules/gpg.nix
index a3bee57..4367dd4 100644
--- a/users/simon/modules/gpg.nix
+++ b/users/simon/modules/gpg.nix
@@ -2,13 +2,13 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
-{ nixosConfig, ... }:
+{ nixosConfig, pkgs, ... }:
 {
 programs.gpg = {
 enable = true;
 settings = {
- default-key = "47E7559E037A35652DBBF8AA8D3C82F9F309F8EC";
+ default-key = "D48A1ACAB1CDBD170151662BB1A0B4A45885A031";
 keyid-format = "none";
 with-fingerprint = false;
 with-subkey-fingerprint = true;
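Review bot: Adding the token keys to this list leaves `simon@hitagi`, `simon@mayushii` and `simon@nunotaba` trusted as well, so access still rests on the weakest of six keys rather than on the smartcard. If those three are file-based keys on the named hosts (not visible here), consider dropping them once the Nitrokeys are in use, or record why they stay with a comment such as `# per-host keys kept until every machine uses the token`. `backup` becomes a standing credential wherever this list applies (presumably the option's default), so a comment stating where it is stored and when it may be used would make it auditable. The list and the `trustedNames` option begin above the hunk.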
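Review bot: `pkgs` is added to the module arguments, but the diffstat shows only two inserted lines in `gpg.nix` (the argument line and `default-key`), so this commit apparently never uses it; keep `{ nixosConfig, ... }:` until a change needs `pkgs`. The new `default-key` is a bare 40-hex fingerprint with no indication of which key it names. A comment such as `# primary key fingerprint; secret keys are held on the Nitrokeys` (wording for the author to confirm) would let a reader check it against the published key. The `settings` block continues past the end of the hunk.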