feat(myuser): add gpg keys, enable impermanence

users/myuser/default.nix

@@ -5,6 +5,10 @@
   ...
 }: let
   myuser = config.repo.secrets.global.myuser.name;
+  mkUserDirs = map (directory: {
+    inherit directory;
+    mode = "700";
+  });
 in {
   users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
   users.users.${myuser} = {
@@ -20,19 +24,61 @@ in {
     shell = pkgs.zsh;
   };
 
+  # Needed for gtk
+  programs.dconf.enable = true;
+
+  # TODO age.secrets = mapAttrs user.hmConfig.cfg.age.secrets users
+  age.secrets.my-gpg-pubkey-yubikey = {
+    rekeyFile = ./yubikey.gpg.age;
+    group = myuser;
+    mode = "640";
+  };
+
+  # TODO numlock default on in sway and kernel console
+  # TODO make dataset for safe/persist/ and automount it
+  # TODO modularized based on hmConfig
+  environment.persistence."/state".users.${myuser}.directories =
+    mkUserDirs
+    [
+      ".cache/fontconfig"
+      ".cache/mozilla"
+      ".cache/nix" # nix eval cache
+      ".cache/nix-index"
+      ".cache/nvidia" # GLCache
+      ".cache/nvim"
+      ".local/share/nvim"
+      ".local/state/direnv"
+      ".local/state/nix"
+      ".local/state/nvim"
+      ".local/state/wireplumber"
+      "Downloads"
+    ];
+
+  environment.persistence."/persist".users.${myuser}.directories =
+    mkUserDirs
+    [
+      ".mozilla"
+      ".config/discord" # Bad Discord! BAD! Saves state in ,config tststs
+      ".config/Signal" # L take, electron.
+      ".local/share/atuin"
+      ".local/share/nix" # Repl history
+      "projects"
+    ];
+
   home-manager.users.${myuser} = {
     imports = [
-      #impermanence.home-manager.impermanence
       ../common
+      ./graphical
+
       ./dev.nix
       ./gpg.nix
       ./ssh.nix
     ];
 
     home = {
-      inherit (config.system) stateVersion;
       inherit (config.users.users.${myuser}) uid;
       username = config.users.users.${myuser}.name;
+      # TODO this shall be moved!
       shellAliases = {
         p = "cd ~/projects";
         zf = "zathura --fork";

users/myuser/gpg.nix

@@ -1,7 +1,17 @@
-{lib, ...}: {
+{
+  lib,
+  nixosConfig,
+  ...
+}: {
   programs.gpg = {
     enable = true;
     scdaemonSettings.disable-ccid = true;
+    publicKeys = [
+      {
+        source = nixosConfig.age.secrets.my-gpg-pubkey-yubikey.path;
+        trust = 5;
+      }
+    ];
     settings = {
       # https://github.com/drduh/config/blob/master/gpg.conf
       # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html
@@ -47,29 +57,7 @@
       use-agent = true;
       # Disable recipient key ID in messages
       throw-keyids = true;
-      # Default/trusted key ID to use (helpful with throw-keyids)
-      #default-key 0xFF3E7D88647EBCDB
-      #trusted-key 0xFF3E7D88647EBCDB
-      # Group recipient keys (preferred ID last)
-      #group keygroup = 0xFF00000000000001 0xFF00000000000002 0xFF3E7D88647EBCDB
-      # Keyserver URL
-      #keyserver hkps://keys.openpgp.org
-      #keyserver hkps://keyserver.ubuntu.com:443
-      #keyserver hkps://hkps.pool.sks-keyservers.net
-      #keyserver hkps://pgp.ocf.berkeley.edu
-      # Proxy to use for keyservers
-      #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
-      # Verbose output
-      #verbose
-      # Show expired subkeys
-      #list-options show-unusable-subkeys
     };
-    # TODO publicKeys = [
-    # TODO   {
-    # TODO     source = ./yubikey.gpg;
-    # TODO     trust = 5;
-    # TODO   }
-    # TODO ];
   };
   services.gpg-agent = {
     enable = true;