From e48c086eb61d128b35af1369302f18d9a68c869f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?=
Date: Thu, 21 Nov 2024 09:44:10 +0100
Subject: [PATCH] forward gpg and ssh agent
---
 programs/ssh/home-manager.nix | 10 ++++++++++
 services/desktop/gpg/default.nix | 14 ++++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/programs/ssh/home-manager.nix b/programs/ssh/home-manager.nix
index 8d01f313..0364e0a1 100644
--- a/programs/ssh/home-manager.nix
+++ b/programs/ssh/home-manager.nix
@@ -18,6 +18,7 @@
 "build-rainbow-resort"
 "build-aarch64"
 "build-riscv"
+ "rainbow-resort.int.chir.rs"
 ]
 {
 identityFile =
@@ -26,6 +27,15 @@
 else
 config.sops.secrets.".ssh/id_ed25519_sk".path;
 };
+ matchBlocks."rainbow-resort.int.chir.rs" = {
+ forwardAgent = true;
+ remoteForwards = [
+ {
+ bind.address = "/%d/.local/state/gnupg/S.gpg-agent";
+ host.address = "/%d/.local/state/gnupg/S.gpg-agent.extra";
+ }
+ ];
+ };
 enable = true;
 };
 sops.secrets = lib.mkIf (config.home.username != "root") {
diff --git a/services/desktop/gpg/default.nix b/services/desktop/gpg/default.nix
index 6bd40f32..f4766b17 100644
--- a/services/desktop/gpg/default.nix
+++ b/services/desktop/gpg/default.nix
@@ -22,6 +22,7 @@
 enable = true;
 enableSshSupport = true;
 pinentryPackage = pkgs.pinentry-qt;
+ enableExtraSocket = true;
 };
 sops.secrets."pgp/0xB4E3D4801C49EC5E.asc".sopsFile = ./privkey.yaml;
 home.activation.import-gpg-privkey =
@@ -36,4 +37,17 @@
 config.sops.secrets."pgp/0xB4E3D4801C49EC5E.asc".path
 }
 '';
+ programs.fish.loginShellInit = "gpgconf --launch gpg-agent";
+ systemd.user.services.link-gnupg-sockets = {
+ Unit = {
+ Description = "link gnupg sockets from /run to /home";
+ };
+ Service = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.coreutils}/bin/ln -Tfs /run/user/%U/gnupg %h/.local/state/gnupg";
+ ExecStop = "${pkgs.coreutils}/bin/rm $HOME/.local/state/gnupg";
+ RemainAfterExit = true;
+ };
+ Install.WantedBy = [ "default.target" ];
+ };
 }
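Review bot: In the `@@ -26,6 +27,15 @@` hunk, `bind.address` is a path on the remote host, but `%d` expands to the local user's home directory, so the forwarded socket only lands where the remote gpg looks if both machines share the same home path; a comment such as `# %d is the local home; assumes the same path on the remote` would record that. By default sshd does not remove an existing socket file before binding, so reconnects likely need `StreamLocalBindUnlink yes` on the server, which this patch does not show. `forwardAgent = true` lets anyone with root on that host use the local agent's keys while the session is open; keeping it in this single match block is the right scope, and if the agent is only needed to reach further hosts, `proxyJump` avoids exposing it at all. The enclosing attribute set opens before the hunk.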
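Review bot: In the `@@ -36,4 +37,17 @@` hunk, `ExecStop` of `link-gnupg-sockets` spells the link path as `$HOME/.local/state/gnupg` while `ExecStart` uses the `%h` specifier. As far as I know systemd substitutes a bare `$VAR` only when it is a whole word (inline use needs the braced form), so the `rm` probably receives no usable path and the symlink is left behind on stop. Using the same specifier on both lines avoids that: `ExecStop = "${pkgs.coreutils}/bin/rm %h/.local/state/gnupg";`.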