fix: add gpg-keygrab to not have to run gpg --card-statu
parent
536dc325c3
commit
8ca4b05f25
|
@ -1,4 +1,9 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
nixosConfig,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
services.gpg-agent = {
|
services.gpg-agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableSshSupport = true;
|
enableSshSupport = true;
|
||||||
|
@ -71,4 +76,10 @@
|
||||||
#list-options show-unusable-subkeys
|
#list-options show-unusable-subkeys
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# Make sure the keygrips exist, otherwise we'd need to run `gpg --card-status`
|
||||||
|
# before being able to use the yubikey.
|
||||||
|
home.activation.installKeygrips = lib.hm.dag.entryAfter ["writeBoundary"] ''
|
||||||
|
run mkdir -p "$HOME/.gnupg/private-keys-v1.d"
|
||||||
|
run ${lib.getExe pkgs.gnutar} xvf ${lib.escapeShellArg nixosConfig.age.secrets."my-gpg-yubikey-keygrip.tar".path} -C "$HOME/.gnupg/private-keys-v1.d/"
|
||||||
|
'';
|
||||||
}
|
}
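Review bot: Directory and file permissions in `home.activation.installKeygrips` are left to the umask: `mkdir -p` creates `$HOME/.gnupg` and `private-keys-v1.d` with default modes on a fresh home, and the extracted files take the modes stored in the archive, while GnuPG expects its homedir to be owner-only and warns otherwise. I would add `run chmod 700 "$HOME/.gnupg" "$HOME/.gnupg/private-keys-v1.d"` after the `mkdir` line. The `v` in `xvf` can also be dropped so the keygrip file names are not written to the activation output on every switch. The module body between the two hunks is not visible here, so a permission fix elsewhere in the file cannot be ruled out.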
|
||||||
|
|
|
@ -46,6 +46,12 @@ lib.optionalAttrs (!minimal) {
|
||||||
rekeyFile = ../../secrets/smb.cred.age;
|
rekeyFile = ../../secrets/smb.cred.age;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
age.secrets."my-gpg-yubikey-keygrip.tar" = {
|
||||||
|
rekeyFile = ./secrets/gpg-keygrip.tar.age;
|
||||||
|
group = "patrick";
|
||||||
|
mode = "640";
|
||||||
|
};
|
||||||
|
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
|
|
||||||
home-manager.users.patrick = {
|
home-manager.users.patrick = {
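Review bot: Read access to `my-gpg-yubikey-keygrip.tar` is granted through `group = "patrick"` with `mode = "640"`, so the decrypted file is readable by every member of that group and the setup depends on a group of that name existing; neither its definition nor its membership is visible in this hunk. If only that user's home-manager activation reads the secret, `owner = "patrick";` with `mode = "400";` scopes it to the one account. The enclosing `lib.optionalAttrs (!minimal) { … }` block starts and ends outside the hunk.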
|
||||||
|
|
BIN
users/patrick/secrets/gpg-keygrip.tar.age
Normal file
BIN
users/patrick/secrets/gpg-keygrip.tar.age
Normal file
Binary file not shown.