fix(#5): Separate gpg keygrip from keyID

pam-gnupg wants the keygrip, git wants the keyID
2024-02-02 14:50:26 +01:00 · 2024-02-02 14:50:26 +01:00 · 9cd372c4f3
commit 9cd372c4f3
parent c94b93726a
2 changed files with 26 additions and 12 deletions
--- a/home/users.nix
+++ b/home/users.nix
@ -1,13 +1,13 @@
 { config, lib, ... }:
 let
  inherit (config) jhome;
-  inherit (cfg.defaultIdentity) gpgKey;
+  inherit (cfg.defaultIdentity) signingKey;

  cfg = jhome.user;
  hasConfig = jhome.enable && cfg != null;
-  hasKey = gpgKey != null;
+  hasKey = signingKey != null;
  gpgHome = config.programs.gpg.homedir;
-  unlockKey = hasConfig && cfg.unlockGpgKeyOnLogin && hasKey;
+  unlockKey = hasConfig && cfg.gpg.unlockKeys != [ ];
 in
 {
  config = lib.mkMerge [
@ -16,15 +16,14 @@ in
      programs.git.userEmail = cfg.defaultIdentity.email;
      programs.git.signing = lib.mkIf hasKey {
        signByDefault = true;
-        key = gpgKey;
+        key = signingKey;
      };
    })
    (lib.mkIf unlockKey {
      xdg.configFile.pam-gnupg.text = ''
        ${gpgHome}

-        ${gpgKey}
-      '';
+      '' + (lib.strings.concatLines cfg.gpg.unlockKeys);
    })
  ];
 }