feat(nix): migrate gnupg

2026-02-03 20:25:30 +00:00 · 2024-07-12 18:57:02 +02:00
parent 5786118225
commit 79fbc14576
7 changed files with 41 additions and 14 deletions
--- a/.dotbot.conf.yaml
+++ b/.dotbot.conf.yaml
@@ -8,7 +8,6 @@
    - ~/.config/gh
    - ~/.config/gh-dash
    - ~/.config/tmux
-    - ~/.gnupg

 - link:
    ~/.config/base16-shell: .base16-shell
@@ -29,8 +28,6 @@
    ~/.gitconfig: git/gitconfig
    ~/.gitignore: git/gitignore
    ~/.gitmux.conf: tmux/gitmux.conf
-    ~/.gnupg/gpg-agent.conf: gpg/gpg-agent.conf
-    ~/.gnupg/gpg.conf: gpg/gpg.conf
    ~/.tmux-cht-command: tmux/tmux-cht-command
    ~/.tmux-cht-languages: tmux/tmux-cht-languages
    ~/.tmux.conf: tmux/tmux.conf
--- a/6
+++ b/6
@@ -187,10 +187,6 @@ brew "glm"
 brew "glow"
 # GNU implementation of the famous stream editor
 brew "gnu-sed"
-# Common error values for all GnuPG components
-brew "libgpg-error"
-# GNU Pretty Good Privacy (PGP) package
-brew "gnupg"
 # Manage compile and link flags for libraries
 brew "pkg-config"
 # Generate introspection data for GObject libraries
@@ -199,6 +195,8 @@ brew "gobject-introspection"
 brew "sdl2_image"
 # Version Control Visualization Tool
 brew "gource"
+# Common error values for all GnuPG components
+brew "libgpg-error"
 # Graph visualization software from AT&T and Bell Labs
 brew "graphviz"
 # Command-line tool for generating regular expressions
--- a/gpg/gpg-agent.conf
+++ b/gpg/gpg-agent.conf
@@ -1,3 +0,0 @@
-pinentry-program /opt/homebrew/bin/pinentry-mac
-default-cache-ttl 600
-max-cache-ttl 7200
--- a/gpg/gpg.conf
+++ b/gpg/gpg.conf
@@ -1,4 +0,0 @@
-auto-key-retrieve
-no-emit-version
-use-agent
-default-key F0CF1CF481C2E3AA0F806A378BD4525D7A7253E8
--- a/nix/darwin/default.nix
+++ b/nix/darwin/default.nix
@@ -11,6 +11,13 @@
  nix.settings.experimental-features = "nix-command flakes";
  nixpkgs.config.allowUnfree = true;

+  # GnuPG
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+  environment.systemPackages = [ pkgs.pinentry_mac ];
+
  # Create /etc/zshrc that loads the nix-darwin environment.
  programs.zsh.enable = true; # default shell on catalina
  # programs.fish.enable = true;
--- a/nix/home/default.nix
+++ b/nix/home/default.nix
@@ -11,6 +11,7 @@ in
    ./asdf
    ./bat
    ./ctags
+    ./gnupg
    ./hammerspoon
    ./karabiner
    ./lazydocker
--- a/nix/home/gnupg/default.nix
+++ b/nix/home/gnupg/default.nix
@@ -0,0 +1,31 @@
+# TODO: Move public/private keys into nix
+{ pkgs, ... }:
+
+{
+  programs.gpg = {
+    enable = true;
+    settings = {
+      auto-key-retrieve = true;
+      no-emit-version = true;
+      use-agent = true;
+      default-key = "F0CF1CF481C2E3AA0F806A378BD4525D7A7253E8";
+    };
+
+    # GPG agent configuration
+    # These settings go into gpg-agent.conf
+    # NOTE: pinentry-program is set differently for macOS (see below)
+    scdaemonSettings = { };
+  };
+
+  # For macOS, we need to set the pinentry-program separately
+  home.file.".gnupg/gpg-agent.conf".text = ''
+    pinentry-program ${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac
+    default-cache-ttl 600
+    max-cache-ttl 7200
+  '';
+
+  home.packages = with pkgs; [
+    gnupg
+    pinentry_mac
+  ];
+}