From cae62a54426cdee04f767249047d8bc58d6aecf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?=
Date: Tue, 12 Nov 2024 15:15:52 +0100
Subject: [PATCH] initial support for gpg
---
 config/graphical.nix | 3 ++-
 services/desktop/default.nix | 1 +
 services/desktop/gpg/default.nix | 10 ++++++++++
 services/security-key/default.nix | 7 +++++++
 services/security-key/pcscd.nix | 6 ++++++
 services/security-key/tpm2.nix | 11 +++++++++++
 6 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 services/desktop/gpg/default.nix
 create mode 100644 services/security-key/default.nix
 create mode 100644 services/security-key/pcscd.nix
 create mode 100644 services/security-key/tpm2.nix
diff --git a/config/graphical.nix b/config/graphical.nix
index 66bfaebf..ef05ff93 100644
--- a/config/graphical.nix
+++ b/config/graphical.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ nixos-config, ... }:
 {
 time.timeZone = "Etc/GMT-1";
 isGraphical = true;
@@ -6,5 +6,6 @@
 ./kde
 ./documentation.nix
 ./graphical/fonts.nix
+ "${nixos-config}/services/security-key"
 ];
 }
diff --git a/services/desktop/default.nix b/services/desktop/default.nix
index b6ba766e..0d8142ba 100644
--- a/services/desktop/default.nix
+++ b/services/desktop/default.nix
@@ -2,5 +2,6 @@
 {
 imports = [
 ./kdeconnect.nix
+ ./gpg
 ];
 }
diff --git a/services/desktop/gpg/default.nix b/services/desktop/gpg/default.nix
new file mode 100644
index 00000000..d6b73fbf
--- /dev/null
+++ b/services/desktop/gpg/default.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+ programs.gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg";
+ mutableKeys = false;
+ mutableTrust = false;
+ scdaemonSettings.disable-ccid = true;
+ };
+}
diff --git a/services/security-key/default.nix b/services/security-key/default.nix
new file mode 100644
index 00000000..b9adab67
--- /dev/null
+++ b/services/security-key/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./pcscd.nix
+ ./tpm2.nix
+ ];
+}
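Review bot: In services/desktop/gpg/default.nix, `scdaemonSettings.disable-ccid = true` makes scdaemon rely on a running pcscd, but that daemon is enabled in a separate tree (services/security-key/pcscd.nix, reached only through config/graphical.nix) and nothing on the line records the coupling. I would add `# scdaemon reaches the token through pcscd (services/security-key/pcscd.nix); its built-in CCID driver would contend with pcscd for the reader` above it. Separately, `mutableKeys = false` and `mutableTrust = false` are set with no `publicKeys` declared in this hunk. As far as I recall the home-manager module, they only take effect once `publicKeys` is non-empty, after which the keyring and trust database become read-only and a manual public-key import will fail. Either declare the keys here or state the intent in a comment so the locked-down keyring is not a surprise later.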
diff --git a/services/security-key/pcscd.nix b/services/security-key/pcscd.nix
new file mode 100644
index 00000000..15f50c79
--- /dev/null
+++ b/services/security-key/pcscd.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ services.pcscd = {
+ enable = true;
+ };
+}
diff --git a/services/security-key/tpm2.nix b/services/security-key/tpm2.nix
new file mode 100644
index 00000000..c86fbd2d
--- /dev/null
+++ b/services/security-key/tpm2.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ security.tpm2 = {
+ enable = true;
+ abrmd.enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+ services.tcsd.enable = true;
+ systemd.tpm2.enable = true;
+}
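Review bot: In services/security-key/tpm2.nix, `services.tcsd.enable = true` starts TrouSerS, the TPM 1.2 stack, alongside the TPM 2.0 stack configured under `security.tpm2`. On a 2.0 chip it has nothing to serve and is one more daemon with access to the TPM device, so I would drop that line unless 1.2 hardware is actually targeted. `tctiEnvironment.enable = true` is also set without `tctiEnvironment.interface`, which I believe defaults to `"device"`, so tools would bypass the resource manager that `abrmd.enable` starts. Either add `tctiEnvironment.interface = "tabrmd";` or remove `abrmd.enable`. Because config/graphical.nix now imports this module for every graphical host, a short comment on which users are expected to be in the TPM access group (`security.tpm2.tssGroup`) would make the intended exposure explicit.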