support gpg

2024-11-21 09:22:59 +01:00 · 2024-11-21 09:22:59 +01:00 · 5f9d82aa02
commit 5f9d82aa02
parent 4123b40932
4 changed files with 109 additions and 1 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -65,3 +65,8 @@ creation_rules:
      - age:
          - *base
          - *darkkirb
+  - path_regex: services/desktop/gpg/privkey.yaml
+    key_groups:
+      - age:
+          - *base
+          - *darkkirb
--- a/services/desktop/gpg/default.nix
+++ b/services/desktop/gpg/default.nix
@ -1,4 +1,9 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 {
  programs.gpg = {
    enable = true;
@ -6,10 +11,29 @@
    mutableKeys = false;
    mutableTrust = false;
    scdaemonSettings.disable-ccid = true;
+    publicKeys = [
+      {
+        source = ./keys/0xB4E3D4801C49EC5E.asc;
+        trust = "ultimate";
+      }
+    ];
  };
  services.gpg-agent = {
    enable = true;
    enableSshSupport = true;
    pinentryPackage = pkgs.pinentry-qt;
  };
+  sops.secrets."pgp/0xB4E3D4801C49EC5E.asc".sopsFile = ./privkey.yaml;
+  home.activation.import-gpg-privkey =
+    lib.hm.dag.entryAfter
+      [
+        "writeBoundary"
+        "sops-nix"
+        "importGpgKeys"
+      ]
+      ''
+        run env GNUPGHOME=${config.programs.gpg.homedir} ${config.programs.gpg.package}/bin/gpg --import ${
+          config.sops.secrets."pgp/0xB4E3D4801C49EC5E.asc".path
+        }
+      '';
 }
--- a/services/desktop/gpg/keys/0xB4E3D4801C49EC5E.asc
+++ b/services/desktop/gpg/keys/0xB4E3D4801C49EC5E.asc
@ -0,0 +1,48 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYfph3hYJKwYBBAHaRw8BAQdAWYTcPt/iW5HydB1kBRgUk9yDIvp6iwYu8zVB
+yRsLPEi0JUNoYXJsb3R0ZSDwn6adIERlbGVuayA8bG90dGVAY2hpci5ycz6IzwQT
+FgoAdwIbAQQLCQgHBBUKCQgFFgIDAQACHgUCF4ACGQEWIQTvXzZ6leC/pjkC2Gq0
+49SAHEnsXgUCZElLLz0UgAAAAAAQACRwcm9vZkBhcmlhZG5lLmlkaHR0cHM6Ly9h
+a2tvLmNoaXIucnMvdXNlcnMvY2hhcmxvdHRlAAoJELTj1IAcSexexHYA/2t1Rgmb
+NXXBO+pmwII+EDIsOe1ZGI5lY1i6fXgq5c5iAQC2HqBXBv/E0ZJkQwaXLM3s+axP
+o38TImzETJKT3Ja/D4kCMwQQAQoAHRYhBCBtpeHaCQS27kkWujzvXdqRWuywBQJh
+mNQAAoJEDzvXdqRWuywotIP/3jCrxmP1q65BSx305uHGpt0Yn9X01xq0OBCCbBg
+8GRfdCYCFi1QzNcZwcrNZm71TR4gr5r0ZdZECHtm8AQe3nMtD9MJhsnku8qrMIwl
+Y/HFgtZcQToMQgd3tDciMnBLLQhsNsW2gePN/REgHbq0VRNQX4UvwN9u+4Odp+W6
+aOuG4mx/t0SHPvftsLn7DTP0/tIHQT6iWtIqfqtWtuxL7SLrzKzRWuNmYGKwgx7g
+cmg4aBEBBpTQxx8aokPtcV90GTx6oU4gKaZsDuHkHERKggJZqZJNpuiJio45yvOC
+Ht/7UwpSJI/WL4bvN8S9ecSRGiweillZlk/fQe9Rmok7NOsn2lA0Jpvj5UngqiSe
+dqKfcDcgNRPXoc6aZYZV97Vddttploa93MG50DGjEUERX9vxwU0YcxmmvfNoH07M
+Exp2eGlNImCGnlTyP7CLHnhfb9GeH63dKCkmYNNzP9p0f/HDPzSWCCFCGXz915nn
+ZiJag/4bu4j+iDkXb0qYWCE8YQnCyDJjFbno7mzmyZdzRxdAt1UtLs0JjV6r3M5r
+biH59aOgLjG1Co7ZbWj6tcQsgT+40GceiyMEva1eOm+lYjJnB2GQBCyeFhipnZTa
+3yUeA86gKNjGwRGhqeQHpkuJeQkbwuYpY2p7scn5wAmn6tuJbup/7hBYjRXcTcat
+/G/ziJEEExYKADkCGwEECwkIBwQVCgkIBRYCAwEAAh4FAheAFiEE7182epXgv6Y5
+AthqtOPUgBxJ7F4FAmH6ZEgCGQEACgkQtOPUgBxJ7F7MbQEA28gNr8W5c2qiAEp1
+gd7MWXU7/XDA1T7KB0gT4zikePwA/irn7tpqLyZC4d+N8gF2950qMt9h+t6kamc+
+GtEyF6UDtCxDaGFybG90dGUg8J+mnSBEZWxlbmsgPGRhcmtraXJiQGRhcmtraXJi
+LmRlPojMBBMWCgB0AhsBBAsJCAcEFQoJCAUWAgMBAAIeBQIXgBYhBO9fNnqV4L+m
+OQLYarTj1IAcSexeBQJkSUsvPRSAAAAAABAAJHByb29mQGFyaWFkbmUuaWRodHRw
+czovL2Fra28uY2hpci5ycy91c2Vycy9jaGFybG90dGUACgkQtOPUgBxJ7F6llAD/
+U6oyWWt+QXgnlfivMe2EprjR3XlNDTkA7qYwEHsFmJIA/AyWeaRoJWQKc/U7BaO2
+cCAOm8cZc0ANLuPX8Mz5FZ4OiI4EExYKADYWIQTvXzZ6leC/pjkC2Gq049SAHEns
+XgUCYfpkLQIbAQQLCQgHBBUKCQgFFgIDAQACHgUCF4AACgkQtOPUgBxJ7F6SCwD/
+S4pvjaU3c6Ov9LiETafcQnGOoyo1ATknphL5H2agh0UBAOPmX3T7NrWepQVJt4Nc
+Qp3Nuggqqw3xPjqjrOpPnHAOuDMEYfpjyRYJKwYBBAHaRw8BAQdAPNDxa/Ee1Ovc
+aJiFJb3HNGKjVZBepXDN0gX9CTYEVj+I9QQYFgoAJgIbAhYhBO9fNnqV4L+mOQLY
+arTj1IAcSexeBQJnPutvBQkHJbsmAIF2IAQZFgoAHRYhBC79cu8hxFgw7HriU6sr
+2Nry43EiBQJh+mPJAAoJEKsr2Nry43Ei4NYA/AsOyJgBZq6MET81FjAa16fZWlAC
+dGxqNMEv2XVtsp7PAQCTNdttTShA84S/ZY5znPZQMxGtdDpVnXI+oQm8fkgRDwkQ
+tOPUgBxJ7F7bkQEA/LYsodtgoK47nrJtPSTESMnQcyO+9U8f9bLgffs+MVMBAP5m
+X19Mmq6x++GuMsTNk9SHZccuIZwodfLuHYV2fVIFuDgEYfpj6hIKKwYBBAGXVQEF
+AQEHQMcqCbS7zlaE56jD3Dwk+/ty58wLxolO9Uw6j31UsnoOAwEIB4h+BBgWCgAm
+AhsMFiEE7182epXgv6Y5AthqtOPUgBxJ7F4FAmc+628FCQcluwUACgkQtOPUgBxJ
+7F4PkwD/QwITag2hM3yL9YuOjCD7/mWIVt/i39RgTgb7czN/OeEA/3v2NVVHwfBu
+UQkC4h07SFLAysIiosQaEGamnyLim2QPuDMEYfpkABYJKwYBBAHaRw8BAQdAUWJh
+OMgwfpjMCtNYyNPyviKMsN5N1EB6R6NET9b+cseIfgQYFgoAJgIbIBYhBO9fNnqV
+4L+mOQLYarTj1IAcSexeBQJnPutvBQkHJbrvAAoJELTj1IAcSexereMBALbxvn97
+a1RA7bU0g2C05CTkcArsm63ugmBq/fztsEnUAP9xmlZgD4TUuxQfEhPnzE8Zdw++
+3a97jNjZSnYc0NxGBA==
+=VnTl
+-----END PGP PUBLIC KEY BLOCK-----
--- a/services/desktop/gpg/privkey.yaml
+++ b/services/desktop/gpg/privkey.yaml
@ -0,0 +1,31 @@
+pgp:
+    0xB4E3D4801C49EC5E.asc: ENC[AES256_GCM,data:eGvKzysZy46FNrjfuDHUXidvAsAnyAszGMSlk2KVu8T9UjjT/KMta1Ys9wgfGn3MVm8SUhohprdR31R83l2+2FqNaRVcYNRhvsfrGUtmsPEC1346D0D3nxIcu33Pv7eROnIc7AaAcf+j2rHeqCyaSDS3Uwdx8oyl/ceiTaAzlohoDfPo43b5uetaCWH4KSdK2LKmrisOymrD4qrhgtFgpaIV6c3GfjrRG0uHczpoMOEje19IyenfF6uaIVSuXEjZqfi9dazFF3RtEpeNA4+oS29iKoY1zF2zj5uX10HlKrC+caiiJ7vO+yLt47jjYu2TbbbRgNR4AkMsxoW78EwBIHWKWp59q1mJV6uNL7Xjrxhq9qKxfcv08RHlk5jhM7Fy6/3pgAmhv/DuiIF3zWpaD1h4JJA+WMeoYb0N2npaW6mVUn61dIArbTxlxUxhtIPbxCa7cRqCe/YWrnFbca4aeSIgId8T46sN+Iv2O5yI9BZJabC8rfgQcESNUOJMbeCoQZR2+XCYnB1mo6Elh1mAeqIsaXRtSHzuWboIb9D6f9yY2KEousx6dskXor++LEQL4+z0POOIdjeS3m1F8SJBJ46aFIis57rls7sQs7bjeIrSjI8aWGCPwoSLIUe8Yv9leOnkijy3mzq75SAQ984nmuhByNXs9rfQZ038ZtK9RaafASZwuURErD2+h2ZHElU5BieI6Zd6r1efOe2NG4BD2bI0nghF7CG30A0KeiS3Gh+Xb65LooMZ/BKkYLiMEGvT9fJeCVLCMyDK+dUGSZgjdkG9nyosYyWxqSGo8eTSQWTnS2bwoBI2sHyd7/NvJ0rQeq6VhUa/S9jygNfp60/W6GN+kmLFv1yhkhjhvyXM7iyqabaZqf9DJnD7UpDg1h4faMEvWSS2sEjrUvZm4FGEn/k3yS0WiXzCqj6/TeuSjQbjsgC102Si2ULSwIy2wGYfPZLFRO/I55nGK/Vxx+/KePWBif0wJ7r5PdICiR6LVcDhF+ZXjPLvg4HsxhuPaBl1hHDuB6/0ZMX2b+3EWPzw2kwvBdzte1lr01cRq/tj1Xx1aecPNr+/l+yACrDyf3X2Mshuk+ad8eP1BvaIcNT5pFADXqcY5okavUHrhIU0lGf6WytFDa/aOX9z5IZG2CPmZ7ACyrJMDl+ESCC5WWinSBq83vHmxQYlqyRs0lPYQObbqGvT91GCDhqB/T86CMiJf/z1BlqDIIsTjBJE6328KAEv364d1fjAJG1Cws98lRqcaTNgnhfYJ7LLVY4GPXVrOhoUumH7NaeSWhDEYehproEIcu/SmOWWzG4o1UGePf2rH3l7zdWtVImIXN7g8G4YwY/zAfoUtn0KBpJVp0ZcnklpwZs4nfpvN0DBtAPn0toozEF4fyXjzbTK8bU7UZ/zpKvmea/5WaV9SyESb/A9AJPq9teui0A9u/DxKQx7SHtR1a5w8ysTsBAAzWswbgDUHxE3V6leCTjR5GvSofLDIuygyQCZ/IMu52EckDhf0cesfydLzyt0sm89/0s/B0mvAeQR/pQl86vuPMuJdpy7VrGeLpbWAFYNTwxDteaZXRGsJudRnm0UGrchhjU6jBeiIvpOi2I6TucjyNWdMOnHx1zBnJchZ87g1QWIqQ9RHCgVWhaDY76q/yvDlbdwmo7c5XSnIx7pHuCSvR2khi8yE3K2NImgL+S12qU0QtHXd3XPAD/+QpNOprc5y1pY4rHoT5WcOsrMBI4NxixGDJb2Ovzd1NxIXmX0qSuiP/AuyWNg763dBi0KDI0DHZM7QE855VGZKSemaaLs8M4w1cEo3oDzVFO9Pt+UFzxhp10AyeY65IhYmPEpQ1YFgQvqKg4SfWPGE2x0jJ25hRrAqJx26aSVybKEnm3zne+OSZT4E/E7fUvZr/+evxGOTzA92TJjxECRqoAOBTXaVoUcbEOcShT8bgGj0IkTsVYAESUAngzi2/vNLdwxLuDlYbPDF2JEdKZRS4vmcvy7kM9URXF7U1WrphFYmJnHDC7LLyBdzJMg49HDEgmgAiYk9f7zb/9A/NExsxFOq/PoqD3oyQzV+l7xSiBLXRs0uw8JqzF59TNK1XCEsru0U0zyWRN789tun0TNoQR6SyV1jeymsQC4tKUYvXucPsQObokF9OB8VlfIcLZ7omSymOjfWXM2ux2Qcxgmy12rnpFxTBIhB9zRXTBiUPlt+XM5EwEv4ys2q4g7Gs/vYgMT2a9tnI8I4pyCJKItsNbn0mrk6JEojiSn+HnXEbM79DCPpxGUXHMor7BkxHPoBCu6kwde5Igr6126z70dMkxwY2tOI+SghTojbkFRMmVJ8yrgBZB6cu0eSr86yH/uX6UtXfQx809TcQix2seSBqO7r31MLVfhRV+v5e3OT4QXV9EaAOrfGIM0dzkvceq96HgOogxYhr6krQbF61fpebcwNBHaUDs//f34PefykE8RLkza8HcCGsr62YM2yPxXhU0cEaimfhDJ1Qgi6rjnGY8QfxRQPUwmdscWfYnIsAPPoiTQ//up6XEewFqKE9AordPy53fpW6j0xNojyz4FqexgC/zBAxO7j2STSPf3J9A4PJlamEBrbE7XatBAOFhHN1JZUZYSlDc/FHJO/5A/FoELPG3kHzQ/uLG0tGZPqsSP4y5RPz+vmP2CzCl3tzrC7doQJ3kStXzGk8IMc8Ix6XiBrIxNlZacbxUiO65qC5n/7OrSGTQ9SDD7N8IKyfNDHVabtPHLWoR6QvaFyCnyqthOOsAyvPUKu6M4af8wNaSXvHM1jCRYKvaTVLgcIzscV+NVYSMnd+JdGtEWLQs804pa9EKFqK7G7fVJlSkr78jwTpVmkVY2j3JCIjlgXAP0XCxz8KL5XNKlPUZAFwqS17XvgmaLA6FLv8sv0Qare9jtYp9bR70B9G6tzZ6StnR0+nNJI6br8jsaSVD2UycH64V1PaqT5cyNA0K/+fdb5qRWCFUxQuBk5cDq6TLxtVYcN38a1HQzM7Vrsw0XEblKjesAgwN3aKeCpagTKwLA0ruhtUPPoHsmM/b6vNB54lBAbDVkVIJdd7NylUmIJjXjPV9pjH1BH9q7wUIAiXQJwKcuIPnwiywblye2iuqkxX//aLkaMSJqlzIbINbyg1YGxo7KOfX8uSPD2ZTH1C2QzCdU+yQhDY90hSIy0dFQJhHuEujDP09tUZIUJege7BTvUzWtlTStX9rUi3uii9bxv/szlQrhFE2ltoTN0arhLtzcRXkLRjDUkw0tmHP7Ah3kwJfV3mBc156pcFPDt9Ay8VOUqiTn3P2gL23oFL3EV0DrZ/xiPrrP3x8q+ELqM6vDpJkUhEIKPLB+YfmqYH9WGB/fZNtMFhx9HdXXXO1Ylc9adyGnOS3qTqrosfhfEfi3bxQ07VlpDDwtBbd3pXwJGjNj+v8pNCaxccVUdG+q/7z6u4kdG2UDRv09HanC2fvr2ylr0/QIDdMTD+ka81ZK/CuB1D5O0CxOr0sncYmy3xTjppLBGsrF3AdIZ0dQskBfajtfaihbBygFcLtq2GudWNXbhzEy6w36Uq/urQCrCGGjDTpmjDlzUSPm/Uac6WXa02aJ8nj7PAMdX176OYO4zcOk0TWBx6PFB9xaIX37rEm8q1TDM0UCuGXqgqKMlbo7vip8oPxMqNRdNsQiLUQlRRpo4xVDwTIXQE3RRSGXeCfOEbSpRVSw3fuVL/85gL+0nW1e+iTNjZTOMdFwYgKAlVF8or3A0yeGcLuTU0uBRFoEpb9ab1d2uaGiQC3CSyRj8CdJ7SHrNulUzKfK4GKd55MkfFuP6hqZW4LTvX0ZGjAdyhj6dXlKQetFjYZDW5b8UoJYQhFAtjzbJj+9PmpFMPwU7HwrpJskmDGsdLZlBCxPBw/kpkw/GSUMVqRKcajQ71M0UxkmHHXERho3x2Lwieahb9cAmbkySUPSlBiqct/0n0EP5GAkXsrZCVgIxnZ1cutbIFTAjDr5+F/UhzKtqEupbF5WXgyZKi5K8nRA5yjpBybVpKgcfLdm4VF+wKl/h0UkVMdk+3F2E1A14EMB9e2aDKI=,iv:DXDK1KJ5TVIaz43GZEYEQRX/KYhV79hpu9RB6BdqP58=,tag:c2cbvykpswWiuVmtnoQ1Ww==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQ1Q1YjB6V09UZzNZeE1Z
+            c2tNZFoyZ0xnWUV4NDVjRC9WS1lPcE8rMDJzCnF1ZFJvZEhLM09XeHZESTFla0ow
+            c0srSGRtdnBLSytqT1ZQNzh6MjR6MEUKLS0tIHZxdktjMnhDUnpFRFV6TDdHTWtN
+            QjQzempqdGloNnBIT1gzM0ZHUUwwVHMKzu/dHJ30SM1u8iAcAUFET2R4MImrxXyb
+            oaysw2RJzhb+THz+bnyeP+eH6kXcvg6tvzdESd/QOXQzbE5iraG5eg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncThtZS9Ea0wrek94S1Nq
+            eWVEbEpvMWpGMW9UUGh6U1JYOGFndDY5NG5JClNPVVlsblFjQXJqcjgwdi91TWxP
+            UFdCcU5hZE4xbW5aNXYvN3M3bFZ6bGsKLS0tIFE0TGx5azNPYXF2MWdsNHpoMzhM
+            cnM5SGg1TEkrN1dCOEZWbElaVEFzNlkKzHjTkcZmcqxwfwExMH3fnNIesvy6y8N7
+            aSqPXsd2xo6yc2TNTh1ufvpKOwR6HB5q9AT1Dnpyrrmn0MwPdIHQEQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-21T08:13:09Z"
+    mac: ENC[AES256_GCM,data:bn1lA00v4gQqJ5rySjOmNVOGKTuJIsQ7YBiVMhvIwrKI58KjRENYUCGTxqHkfLYFUr7JpP6fCVgw6vOwe6UGc17p4aFAnERBzKZlo9FPQFYuZ0Kgjacv+QRX5Ie9DR1a6yF6mVJ8Fcub9TH9tL6lHd4Z28MSuVHQgnV8ajVYd5c=,iv:KyVVUITsTCeq+slNOtrWY8NrXzDaCPSrF2C6K9AmBzo=,tag:mSGLiTnlTysQKPUL/8JSDg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1