feat(gpg): Add config

2025-09-16 21:21:38 +02:00 · 2025-09-16 21:21:38 +02:00 · a8ddc05ddd
commit a8ddc05ddd
parent a41cdeaf39
4 changed files with 66 additions and 7 deletions
--- a/nixos/users/tdpeuter/dotfiles.nix
+++ b/nixos/users/tdpeuter/dotfiles.nix
@ -72,14 +72,15 @@ in {
            ".config/zellij" = {
              source = ../../../stow/zellij/.config/zellij;
            };
-            ".oh-my-zsh" = {
-              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
-              source = "${pkgs.oh-my-zsh}/share/oh-my-zsh";
+            ".gnupg" = {
+              enable = false;
+              # inherit (config.programs.gnupg.agent) enable; # TODO Enable Me
+              source = ../../../stow/gnupg/.gnupg;
              recursive = true;
-            };
-            ".oh-my-zsh/themes/tdpeuter.zsh-theme" = {
-              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
-              source = ../../../stow/zsh/.oh-my-zsh/themes/tdpeuter.zsh-theme;
+#              onChange = ''
+#                chmod 700 /home/tdpeuter/.gnupg
+#                chmod 600 /home/tdpeuter/.gnupg/*
+#              '';
            };
            ".ssh/config" = lib.mkIf config.sisyphus.programs.ssh.enable {
              inherit (config.sisyphus.programs.ssh) enable;
@ -97,6 +98,15 @@ in {
            };
          }
          (lib.mkIf (config.users.users.tdpeuter.shell == pkgs.zsh) {
+            ".oh-my-zsh" = {
+              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
+              source = "${pkgs.oh-my-zsh}/share/oh-my-zsh";
+              recursive = true;
+            };
+            ".oh-my-zsh/themes/tdpeuter.zsh-theme" = {
+              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
+              source = ../../../stow/zsh/.oh-my-zsh/themes/tdpeuter.zsh-theme;
+            };
            ".zshrc" = {
              source = ../../../stow/zsh/.zshrc;
            };
--- a/stow/gnupg/.gnupg/gpg-agent.conf
+++ b/stow/gnupg/.gnupg/gpg-agent.conf
@ -0,0 +1,5 @@
+enable-ssh-support
+default-cache-ttl      60
+default-cache-ttl-ssh  60
+max-cache-ttl         120
+max-cache-ttl-ssh     120
--- a/stow/gnupg/.gnupg/gpg.conf
+++ b/stow/gnupg/.gnupg/gpg.conf
@ -0,0 +1,37 @@
+# Use UTF-8 character encoding everywhere.
+display-charset utf-8
+utf8-strings
+
+# When verifying a signature made from a subkey, require that the
+# cross-certification "back signature" on the subkey is present and valid.
+require-cross-certification
+
+# Method references
+personal-cipher-preferences AES256 AES192 AES
+personal-digest-preferences SHA512 SHA384 SHA256
+personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+
+# New keys config
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+cert-digest-algo SHA512
+
+# Symmatric ops
+s2k-digest-algo SHA512
+s2k-cipher-algo AES256
+# Disable cahcing of passphrase for symmatrical ops
+no-symkey-cache
+
+# Don't leak comments or software version information
+no-comments
+no-emit-version
+
+# Display full fingerprints
+keyid-format 0xlong
+with-fingerprint
+
+# Other display preferences
+list-options show-uid-validity
+verify-options show-uid-validity
+
+# Enable smart card
+use-agent
--- a/stow/gnupg/.gnupg/scdaemon.conf
+++ b/stow/gnupg/.gnupg/scdaemon.conf
@ -0,0 +1,7 @@
+# Power down and ask PIN again after timout.
+card-timeout 180  # 3 minutes
+
+# Fix repeatedly prompting for an already-inserted YubiKey.
+# It works by disabling CCID-support, so it does not clash with pcsc.
+disable-ccid
+