mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

fix: add yubikey gpg keygrips to avoid having to call gpg --card-status each boot

Browse source
This commit is contained in:
oddlama 2024-06-13 12:52:03 +02:00
parent 4b68bec5bb
commit aa659fa085
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
5 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
secrets/rekeyed/kroma/a1521242c47417b049e18b81f06498e6-my-gpg-yubikey-keygrip.tar.age Normal file
View file

Binary file not shown.

BIN
secrets/rekeyed/nom/d6734261cd825f4bc6c76eb0d5756086-my-gpg-yubikey-keygrip.tar.age Normal file
View file

Binary file not shown.

6
users/myuser/default.nix
View file

@ -28,6 +28,12 @@ in
mode = "640"; mode = "640";
}; };
age.secrets."my-gpg-yubikey-keygrip.tar" = {
rekeyFile = ./secrets/gpg-keygrip.tar.age;
group = myuser;
mode = "640";
};
home-manager.users.${myuser} = { home-manager.users.${myuser} = {
imports = [ imports = [
../config ../config

8
users/myuser/gpg.nix
View file

@ -1,8 +1,16 @@
{ {
lib,
nixosConfig, nixosConfig,
pkgs, pkgs,
... ...
}: { }: {
# Make sure the keygrips exist, otherwise we'd need to run `gpg --card-status`
# before being able to use the yubikey.
home.activation.installKeygrips = lib.hm.dag.entryAfter ["writeBoundary"] ''
run mkdir -p "$HOME/.gnupg/private-keys-v1.d"
run ${lib.getExe pkgs.gnutar} xvf ${lib.escapeShellArg nixosConfig.age.secrets."my-gpg-yubikey-keygrip.tar".path} -C "$HOME/.gnupg/private-keys-v1.d/"
'';
programs.gpg = { programs.gpg = {
enable = true; enable = true;
scdaemonSettings.disable-ccid = true; scdaemonSettings.disable-ccid = true;

BIN
users/myuser/secrets/gpg-keygrip.tar.age Normal file
View file

Binary file not shown.