From a870884e89b6dd6189a003a149377e659ec85449 Mon Sep 17 00:00:00 2001
From: Price Hiller
Date: Tue, 28 May 2024 16:54:32 -0500
Subject: [PATCH] feat(nix/hm/price): install and enable `passwordstore`
---
 users/price/conf/gpg/default.nix | 26 +++++++++++++++++++++
 users/price/conf/gpg/public-gpg-yubikey.asc | 23 ++++++++++++++++++
 users/price/conf/password-store/default.nix | 9 +++++++
 users/price/home.nix | 13 -----------
 4 files changed, 58 insertions(+), 13 deletions(-)
 create mode 100644 users/price/conf/gpg/default.nix
 create mode 100644 users/price/conf/gpg/public-gpg-yubikey.asc
 create mode 100644 users/price/conf/password-store/default.nix
diff --git a/users/price/conf/gpg/default.nix b/users/price/conf/gpg/default.nix
new file mode 100644
index 00000000..26006e96
--- /dev/null
+++ b/users/price/conf/gpg/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+{
+ programs.gpg = {
+ enable = true;
+ mutableKeys = false;
+ mutableTrust = false;
+ publicKeys = [
+ {
+ source = ./public-gpg-yubikey.asc;
+ trust = "ultimate";
+ }
+ ];
+ };
+ services.gpg-agent = {
+ enable = true;
+ enableSshSupport = true;
+ enableZshIntegration = true;
+ pinentryPackage = pkgs.pinentry-qt;
+ maxCacheTtl = 14400;
+ maxCacheTtlSsh = 14400;
+ sshKeys = [ "530D3EC95C32AB9EC33714AAF865738D6E77680A" ];
+ extraConfig = ''
+ allow-loopback-pinentry
+ '';
+ };
+}
diff --git a/users/price/conf/gpg/public-gpg-yubikey.asc b/users/price/conf/gpg/public-gpg-yubikey.asc
new file mode 100644
index 00000000..893bac38
--- /dev/null
+++ b/users/price/conf/gpg/public-gpg-yubikey.asc
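Review bot: In users/price/conf/gpg/default.nix the `allow-loopback-pinentry` line inside `services.gpg-agent.extraConfig` is carried over without a comment, and it keeps the agent willing to let a client that requests `--pinentry-mode loopback` answer the passphrase prompt itself instead of going through pinentry-qt. As far as I know current GnuPG already allows loopback by default, so the line is either redundant or a deliberate choice worth recording in a comment; if no tool on this machine needs loopback, `no-allow-loopback-pinentry` is the tighter setting. Separately, the diffstat lists users/price/home.nix with 13 deletions and no additions, so this patch does not itself add an `imports` entry for the new module. Unless conf/ is picked up by something outside this view, `programs.gpg` and the agent's SSH support would end up disabled, which is worth confirming with a build.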
@@ -0,0 +1,23 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZcr/DBYJKwYBBAHaRw8BAQdAdX0rCq01uITvmEdX3w4pfX5xa54jMFpNj3IR
+zmSmRWC0KlByaWNlIEhpbGxlciA8cHJpY2VAb3Jpb24tdGVjaG5vbG9naWVzLmlv
+PoiTBBMWCgA7FiEEYPhcq8iHPSlzCYj9w/rd56hTS+sFAmXK/wwCGwMFCwkIBwIC
+IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQw/rd56hTS+snRgEAooLYtyXZi6ySXPmo
+MBaW0FY5wiYiX1imCnA/umfAyrwBAJlDO/9xlCwZV21BPRVYly3eNLnKTv2qqaop
+AR4WHUMKuDgEZcr/DBIKKwYBBAGXVQEFAQEHQBvhAevEIynyuaZlksxoywLnbZIG
+Ha0FYmnXNJTxEERbAwEIB4h4BBgWCgAgFiEEYPhcq8iHPSlzCYj9w/rd56hTS+sF
+AmXK/wwCGwwACgkQw/rd56hTS+tfoAEA1iFfQKlZIhzIZV5U8MP13h8KceafoinN
+F41RMjxMKzwA/3E6duS7ySyzU3gjvvVRCdEkj5fm7San2qp8t4eYOzUKuDMEZcsB
+OxYJKwYBBAHaRw8BAQdA6RaxKe2DW58XjRwAtwgEDtZmGJT9/RydyqrSlyn4NliI
+eAQYFgoAIBYhBGD4XKvIhz0pcwmI/cP63eeoU0vrBQJlywE7AhsgAAoJEMP63eeo
+U0vrCQEA/Rslj4BVvMHf6eAT/LNh9ddym5sJRAnNygkveOqbbQfPAQDYYFhkWRMM
++Y8UqGwZdmz6Sk1etxGyz2mCUh6W3mPRA7gzBGXLG2EWCSsGAQQB2kcPAQEHQIrG
+smL7lFlQO7cEdJtSCFUPpJIQ5mG0NhKGsTpje6beiO8EGBYKACAWIQRg+FyryIc9
+KXMJiP3D+t3nqFNL6wUCZcsbYQIbAgCBCRDD+t3nqFNL63YgBBkWCgAdFiEEn6HD
+U3znuaIpY8XbKfhI3Ql/OewFAmXLG2EACgkQKfhI3Ql/OexgggD7Bnz/CWNGOPp+
+TdYf0iLN4svcnvH+NnDudcVQ2q/N7MMA/304bxIbHzVQh9YmrgfADjQrv7aXlJQq
+ENjJcQofONoBvlIA/1xYiSOwLec4RDV91BZdoIbXq9uicE0Dy5oDd2MA/3MGAP9i
+I6sfqQ32hjX3ctBlrrF3evoyCOMfhJrjH3HnN+ZZAA==
+=jjqq
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/users/price/conf/password-store/default.nix b/users/price/conf/password-store/default.nix
new file mode 100644
index 00000000..bf1664f7
--- /dev/null
+++ b/users/price/conf/password-store/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ programs.password-store = {
+ enable = true;
+ settings = {
+ PASSWORD_STORE_KEY = "C3FADDE7A8534BEB";
+ };
+ };
+}
diff --git a/users/price/home.nix b/users/price/home.nix
index 5b001dbd..6dfe334a 100644
--- a/users/price/home.nix
+++ b/users/price/home.nix
@@ -253,7 +253,6 @@ in
 );
 };
 wofi.enable = true;
- gpg.enable = true;
 firefox = {
 enable = true;
 package = pkgs.firefox-devedition;
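Review bot: `PASSWORD_STORE_KEY = "C3FADDE7A8534BEB";` in users/price/conf/password-store/default.nix names the recipient by a 64-bit long key ID, which is a weaker identifier than a full fingerprint. pass hands this value to gpg for every encryption, so whichever key gpg resolves for it is the one able to read new entries. With `mutableKeys = false` in the gpg module the keyring should hold only the bundled key, which limits the practical risk, but the full fingerprint removes the ambiguity outright: `PASSWORD_STORE_KEY = "<FULL_40_HEX_FINGERPRINT>";` (placeholder; read it with `gpg --show-keys` on public-gpg-yubikey.asc). If the ID is indeed that file's primary key, a comment such as `# primary key from ../gpg/public-gpg-yubikey.asc` would tie the two files together for the next reader.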
@@ -474,18 +473,6 @@ in
 };
 cliphist.enable = true;
 easyeffects.enable = true;
- gpg-agent = {
- enable = true;
- enableSshSupport = true;
- enableZshIntegration = true;
- pinentryPackage = pkgs.pinentry-qt;
- maxCacheTtl = 14400;
- maxCacheTtlSsh = 14400;
- sshKeys = [ "530D3EC95C32AB9EC33714AAF865738D6E77680A" ];
- extraConfig = ''
- allow-loopback-pinentry
- '';
- };
 };
 systemd.user = {