nixos/users/tdpeuter/dotfiles.nix

@@ -72,14 +72,15 @@ in {
             ".config/zellij" = {
               source = ../../../stow/zellij/.config/zellij;
             };
-            ".oh-my-zsh" = {
-              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
-              source = "${pkgs.oh-my-zsh}/share/oh-my-zsh";
+            ".gnupg" = {
+              enable = false;
+              # inherit (config.programs.gnupg.agent) enable; # TODO Enable Me
+              source = ../../../stow/gnupg/.gnupg;
               recursive = true;
-            };
-            ".oh-my-zsh/themes/tdpeuter.zsh-theme" = {
-              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
-              source = ../../../stow/zsh/.oh-my-zsh/themes/tdpeuter.zsh-theme;
+#              onChange = ''
+#                chmod 700 /home/tdpeuter/.gnupg
+#                chmod 600 /home/tdpeuter/.gnupg/*
+#              '';
             };
             ".ssh/config" = lib.mkIf config.sisyphus.programs.ssh.enable {
               inherit (config.sisyphus.programs.ssh) enable;
@@ -97,6 +98,15 @@ in {
             };
           }
           (lib.mkIf (config.users.users.tdpeuter.shell == pkgs.zsh) {
+            ".oh-my-zsh" = {
+              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
+              source = "${pkgs.oh-my-zsh}/share/oh-my-zsh";
+              recursive = true;
+            };
+            ".oh-my-zsh/themes/tdpeuter.zsh-theme" = {
+              enable = config.users.users.tdpeuter.shell == pkgs.zsh;
+              source = ../../../stow/zsh/.oh-my-zsh/themes/tdpeuter.zsh-theme;
+            };
             ".zshrc" = {
               source = ../../../stow/zsh/.zshrc;
             };

stow/gnupg/.gnupg/gpg-agent.conf

@@ -0,0 +1,5 @@
+enable-ssh-support
+default-cache-ttl      60
+default-cache-ttl-ssh  60
+max-cache-ttl         120
+max-cache-ttl-ssh     120

stow/gnupg/.gnupg/gpg.conf

@@ -0,0 +1,37 @@
+# Use UTF-8 character encoding everywhere.
+display-charset utf-8
+utf8-strings
+
+# When verifying a signature made from a subkey, require that the
+# cross-certification "back signature" on the subkey is present and valid.
+require-cross-certification
+
+# Method references
+personal-cipher-preferences AES256 AES192 AES
+personal-digest-preferences SHA512 SHA384 SHA256
+personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+
+# New keys config
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+cert-digest-algo SHA512
+
+# Symmatric ops
+s2k-digest-algo SHA512
+s2k-cipher-algo AES256
+# Disable cahcing of passphrase for symmatrical ops
+no-symkey-cache
+
+# Don't leak comments or software version information
+no-comments
+no-emit-version
+
+# Display full fingerprints
+keyid-format 0xlong
+with-fingerprint
+
+# Other display preferences
+list-options show-uid-validity
+verify-options show-uid-validity
+
+# Enable smart card
+use-agent

stow/gnupg/.gnupg/scdaemon.conf

@@ -0,0 +1,7 @@
+# Power down and ask PIN again after timout.
+card-timeout 180  # 3 minutes
+
+# Fix repeatedly prompting for an already-inserted YubiKey.
+# It works by disabling CCID-support, so it does not clash with pcsc.
+disable-ccid
+