Diffstat (limited to 'modules/workstation/gnupg/default.nix')
-rw-r--r-- | modules/workstation/gnupg/default.nix | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/modules/workstation/gnupg/default.nix b/modules/workstation/gnupg/default.nix
new file mode 100644
index 000000000000..eda898314258
--- /dev/null
+++ b/modules/workstation/gnupg/default.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+let
+ gnupgHome = "${config.users.users.qyliss.home}/state/gnupg";
+
+ pinentryProgram =
+ if pkgs.stdenv.isDarwin then
+ "/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac"
+ else
+ "${pkgs.pinentry.qt}/bin/pinentry";
+
+ gpg-agent-conf = pkgs.writeText "gpg-agent.conf" ''
+ pinentry-program ${pinentryProgram}
+ '';
+in
+
+{
+ systemd.tmpfiles.rules = [
+ "d ${gnupgHome} 0700 qyliss qyliss"
+ "L+ ${gnupgHome}/dirmngr.conf - - - - ${./dirmngr.conf}"
+ "L+ ${gnupgHome}/gpg.conf - - - - ${./gpg.conf}"
+ "L+ ${gnupgHome}/gpg-agent.conf - - - - ${gpg-agent-conf}"
+ ];
+
+ environment.systemPackages = with pkgs; [ gnupg pinentry ];
+
+ environment.extraInit = ''
+ export GNUPGHOME="$HOME/state/gnupg"
+
+ if [ -z "$SSH_AUTH_SOCK" ]; then
+ export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+ fi
+ '';
+
+ programs.sway.extraConfig = ''
+ exec gpg-connect-agent /bye
+ '';
+} |
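Review bot: The `GNUPGHOME` export in `environment.extraInit` is part of the global shell environment, yet the tmpfiles rules provision the 0700 directory and the three config symlinks only for qyliss, so any other account (root included) would run gpg against a home that has none of the managed `gpg.conf`/`gpg-agent.conf` settings. It also respells the path as `$HOME/state/gnupg` instead of reusing the `gnupgHome` binding, so the two can drift apart. Consider guarding the export and interpolating the binding, e.g. `if [ "$HOME" = "${config.users.users.qyliss.home}" ]; then export GNUPGHOME="${gnupgHome}"; fi`. Separately, the Darwin branch of `pinentryProgram` names a binary under `/Applications` that Nix neither builds nor pins, and because the module also sets `systemd.tmpfiles.rules` and `programs.sway.extraConfig` that branch looks unreachable here; a comment saying why it is kept, or dropping it, would help, since pinentry is the program that receives the passphrase.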