refactor: extract gpg config

2024-07-10 12:58:04 +02:00 · 2024-07-10 12:58:04 +02:00 · 8f1ca25dba
commit 8f1ca25dba
parent 35550c6085
10 changed files with 10 additions and 130 deletions
--- a/gpg/default.nix
+++ b/gpg/default.nix
@ -0,0 +1,41 @@
+{ pkgs, gpgSSHKeys, ... }:
+
+{
+  services.gpg-agent = {
+    enable = true;
+    enableZshIntegration = true;
+    pinentryPackage = pkgs.pinentry-curses;
+    enableSshSupport = true;
+    sshKeys = gpgSSHKeys;
+    defaultCacheTtl = 3600 * 12;
+    defaultCacheTtlSsh = 3600 * 12;
+    maxCacheTtl = 3600 * 12;
+    maxCacheTtlSsh = 3600 * 12;
+    extraConfig = ''
+      allow-loopback-pinentry
+    '';
+  };
+
+  programs.gpg = {
+    enable = true;
+    mutableKeys = false;
+    mutableTrust = false;
+    settings = {
+      pinentry-mode = "loopback";
+    };
+    publicKeys = [
+      {
+        source = ./molez.pub.asc;
+        trust = "ultimate";
+      }
+      {
+        source = ./vi-bim.pub.asc;
+        trust = "ultimate";
+      }
+      {
+        source = ./horsch.pub.asc;
+        trust = "ultimate";
+      }
+    ];
+  };
+}