fix(#5): Separate gpg keygrip from keyID

pam-gnupg wants the keygrip, whereas git wants the key ID.
Jalil David Salamé Messina 2024-02-02 14:50:26 +01:00
parent c94b93726a
commit 9cd372c4f3
Signed by: jalil
GPG key ID: F016B9E770737A0B
2 changed files with 26 additions and 12 deletions


@ -20,19 +20,34 @@ let
type = types.str; type = types.str;
example = "John Doe"; example = "John Doe";
}; };
# FIXME: The keygrip is only useful for pam-gnupg, git needs another way to signingKey = lib.mkOption {
# identify the key. description = "The signing key programs should use (i.e. git).";
gpgKey = lib.mkOption {
description = "The keygrip of your GPG key.";
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "6F4ABB77A88E922406BCE6627AFEEE2363914B76"; example = "F016B9E770737A0B";
};
encryptionKey = lib.mkOption {
description = "The encryption key programs should use (i.e. pass).";
type = types.nullOr types.str;
default = null;
example = "F016B9E770737A0B";
}; };
}; };
user.options = { user.options = {
enable = lib.mkEnableOption "Jalil's default user configuration"; enable = lib.mkEnableOption "Jalil's default user configuration";
unlockGpgKeyOnLogin = lib.mkEnableOption "unlocking the gpg key on login"; gpg = lib.mkOption {
description = "GnuPG Configuration.";
default = { };
type = types.submodule {
options.unlockKeys = lib.mkOption {
description = "Keygrips of keys to unlock through `pam-gnupg` when logging in.";
default = [ ];
example = [ "6F4ABB77A88E922406BCE6627AFEEE2363914B76" ];
type = types.listOf types.str;
};
};
};
defaultIdentity = lib.mkOption { defaultIdentity = lib.mkOption {
description = "The default identity to use in things like git."; description = "The default identity to use in things like git.";
type = types.submodule identity; type = types.submodule identity;


@ -1,13 +1,13 @@
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (config) jhome; inherit (config) jhome;
inherit (cfg.defaultIdentity) gpgKey; inherit (cfg.defaultIdentity) signingKey;
cfg = jhome.user; cfg = jhome.user;
hasConfig = jhome.enable && cfg != null; hasConfig = jhome.enable && cfg != null;
hasKey = gpgKey != null; hasKey = signingKey != null;
gpgHome = config.programs.gpg.homedir; gpgHome = config.programs.gpg.homedir;
unlockKey = hasConfig && cfg.unlockGpgKeyOnLogin && hasKey; unlockKey = hasConfig && cfg.gpg.unlockKeys != [ ];
in in
{ {
config = lib.mkMerge [ config = lib.mkMerge [
@ -16,15 +16,14 @@ in
programs.git.userEmail = cfg.defaultIdentity.email; programs.git.userEmail = cfg.defaultIdentity.email;
programs.git.signing = lib.mkIf hasKey { programs.git.signing = lib.mkIf hasKey {
signByDefault = true; signByDefault = true;
key = gpgKey; key = signingKey;
}; };
}) })
(lib.mkIf unlockKey { (lib.mkIf unlockKey {
xdg.configFile.pam-gnupg.text = '' xdg.configFile.pam-gnupg.text = ''
${gpgHome} ${gpgHome}
${gpgKey} '' + (lib.strings.concatLines cfg.gpg.unlockKeys);
'';
}) })
]; ];
} }
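Review bot: The `xdg.configFile.pam-gnupg.text` block at the end of the hunk emits the gnupg homedir and then one keygrip per line with no explanation of the format, and nothing in this file requires gpg-agent to accept preset passphrases, which pam-gnupg needs to work at all. I would put `# pam-gnupg config: first line is the gnupg homedir, then one keygrip per line.` and `# Only works with allow-preset-passphrase in gpg-agent.conf and key passphrases equal to the login password.` above that attribute. If `services.gpg-agent` is configured by this module elsewhere (not visible here), consider gating `unlockKey` on `config.services.gpg-agent.enable` or adding an assertion, since a non-empty `unlockKeys` with no agent setup silently does nothing. Finally, `hasKey` now guards only git signing, so renaming it `hasSigningKey` would match the new `signingKey` option it reads.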