# NixOS module (home-manager layer) that sets up a per-user GnuPG home, a
# long-lived gpg-agent and a user service which imports a sops-managed PGP
# key once the secrets have been decrypted.
#
# Outer argument `user` is mandatory and must carry at least `name` and
# `home` (both are read below); the inner function is the usual NixOS module
# signature.
{ user ? throw "user argument is required" }: { config, lib, pkgs, ... }:

let
  # The home-manager configuration of the target user, used to resolve XDG paths.
  userHm = config.home-manager.users."${user.name}";

  # Keep the keyring under $XDG_DATA_HOME instead of the legacy ~/.gnupg.
  gnupgHome = "${userHm.xdg.dataHome}/gnupg";

  # The import script body lives in ./import-gpg-keys.sh and is not part of
  # this file; it runs with the GnuPG home and HOME pinned so it cannot touch
  # a different keyring by accident.
  # NOTE(review): the script presumably consumes the two sops secrets declared
  # below — confirm it hands the passphrase to gpg via a file
  # (--passphrase-file / --pinentry-mode loopback) and never on the command
  # line, where it would be readable by any local process through /proc.
  importScript = lib.getExe (pkgs.writeShellApplication {
    name = "import-gpg-keys";
    runtimeInputs = with pkgs; [ coreutils-full gnugrep gnupg ];
    runtimeEnv = {
      GNUPGHOME = gnupgHome;
      HOME = user.home;
    };
    text = builtins.readFile ./import-gpg-keys.sh;
  });

  # 365 days expressed in seconds.
  oneYearSeconds = 31536000;
in
{
  home-manager.users."${user.name}" = {
    programs.gpg = {
      enable = true;
      homedir = gnupgHome;
    };

    # Both TTLs are one year, so gpg-agent will keep the unlocked key cached
    # for as long as the agent process lives and never re-prompt. This is
    # deliberate here (the passphrase is already provisioned on this host via
    # sops), but it means anything that can reach the agent socket can sign or
    # decrypt for the whole cache lifetime without user interaction — review
    # this before forwarding the agent socket or sharing the machine.
    services.gpg-agent = {
      enable = true;
      defaultCacheTtl = oneYearSeconds;
      maxCacheTtl = oneYearSeconds;
    };

    systemd.user = {
      services.gpg-agent-import = {
        Unit = {
          Description = "Auto-import GPG keys";
          # Hard dependency on the user-level sops-nix unit (secrets decrypted)
          # and on the agent socket, so the import never runs against a
          # missing secret or a not-yet-started agent.
          Requires = [ "sops-nix.service" "gpg-agent.socket" ];
          After = [ "sops-nix.service" "gpg-agent.socket" ];
        };

        Service = {
          Type = "oneshot";
          ExecStart = importScript;
        };

        # Runs on every start of the user manager; the script is expected to be
        # idempotent for re-imports (not verifiable from this file).
        Install = {
          WantedBy = [ "default.target" ];
        };
      };

      # Pre-create the GnuPG home with owner-only permissions; gpg complains
      # about (and may ignore) a home directory that is group/world accessible.
      tmpfiles.rules = [ "d ${gnupgHome} 0700 ${user.name} users -" ];
    };

    # Declared with default options only: the home-manager sops-nix defaults
    # decide the on-disk path and permissions of both secrets. Pin `mode`/
    # `path` explicitly if the import script relies on a specific location.
    sops.secrets = {
      "gpg-agent/pgp.key" = { };
      "gpg-agent/pgp.pass" = { };
    };
  };
}