author | Freya Murphy <freya@freyacat.org> | 2025-01-24 13:06:22 -0500 |
---|---|---|
committer | Freya Murphy <freya@freyacat.org> | 2025-01-24 13:06:22 -0500 |
commit | d999d4d0e68b9d7cfa0f477cdbac8fe82850ae78 (patch) | |
tree | af2100aabc890c90c52b26640b07e6d342551794 /nix/programs/gpg/default.nix | |
parent | refactor home packages, more labels (diff) | |
use sops-nix for secrets
Diffstat (limited to 'nix/programs/gpg/default.nix')
-rw-r--r-- | nix/programs/gpg/default.nix | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/nix/programs/gpg/default.nix b/nix/programs/gpg/default.nix
index 92549ff..5629995 100644
--- a/nix/programs/gpg/default.nix
+++ b/nix/programs/gpg/default.nix
@@ -1,24 +1,35 @@
 { config, lib, pkgs, ... }:
+let
+
+ keysDir = ../../../files/keys;
+ keys = lib.attrsets.mapAttrsToList (name: type: "${keysDir}/${name}") (builtins.readDir keysDir);
+
+in
 {
 home-manager.users.${config.user} = {
+
+ # install keys into gpg keyring
 programs.gpg = {
 enable = true;
- publicKeys = [
- {
- source = ../../../files/keys/freya-gpg.pub;
- trust = 5;
- }
- ];
+ publicKeys = map (file: { source = file; trust = 5; }) keys;
 };
+ # global gpg agent
 services.gpg-agent = {
 enable = true;
 enableExtraSocket = true;
 enableSshSupport = true;
- #updateStartupTty = true;
- pinentryPackage = pkgs.pinentry-curses;
 };
+
+ };
+
+ # yubikey support
+ services = {
+ pcscd.enable = true;
+ udev.packages = with pkgs; [
+ yubikey-personalization
+ ];
 };
 } |
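Review bot: The new `publicKeys = map (file: { source = file; trust = 5; }) keys;` gives ultimate trust (5) to every entry that `builtins.readDir keysDir` returns, where the old code named one key file explicitly. The `type` argument of the mapping function is ignored, so subdirectories and non-key files are handed to gpg as well, and any third-party public key later placed in `files/keys` would be treated like the owner's own key and could make other keys valid. Consider filtering the listing, e.g. `(lib.filterAttrs (n: t: t == "regular" && lib.hasSuffix ".pub" n) (builtins.readDir keysDir))`, and keeping `trust = 5` for an explicit list of own keys only. A one-line comment above `keysDir` stating that everything in that directory becomes ultimately trusted would also help the next person who adds a file there.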