From d999d4d0e68b9d7cfa0f477cdbac8fe82850ae78 Mon Sep 17 00:00:00 2001 From: Freya Murphy Date: Fri, 24 Jan 2025 13:06:22 -0500 Subject: use sops-nix for secrets --- nix/programs/gpg/default.nix | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'nix/programs/gpg') diff --git a/nix/programs/gpg/default.nix b/nix/programs/gpg/default.nix index 92549ff..5629995 100644 --- a/nix/programs/gpg/default.nix +++ b/nix/programs/gpg/default.nix @@ -1,24 +1,35 @@ { config, lib, pkgs, ... }: +let + + keysDir = ../../../files/keys; + keys = lib.attrsets.mapAttrsToList (name: type: "${keysDir}/${name}") (builtins.readDir keysDir); + +in { home-manager.users.${config.user} = { + + # install keys into gpg keyring programs.gpg = { enable = true; - publicKeys = [ - { - source = ../../../files/keys/freya-gpg.pub; - trust = 5; - } - ]; + publicKeys = map (file: { source = file; trust = 5; }) keys; }; + # global gpg agent services.gpg-agent = { enable = true; enableExtraSocket = true; enableSshSupport = true; - #updateStartupTty = true; - pinentryPackage = pkgs.pinentry-curses; }; + + }; + + # yubikey support + services = { + pcscd.enable = true; + udev.packages = with pkgs; [ + yubikey-personalization + ]; }; } -- cgit v1.2.3-freya
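Review bot: Every entry that `builtins.readDir keysDir` returns is now imported with `trust = 5` (ultimate ownertrust) in the new `publicKeys = map (file: { source = file; trust = 5; }) keys;` line, so any file later added to `files/keys` becomes an ultimately trusted key in the user's keyring without a visible trust decision in this module. The `type` argument of the mapping function is ignored, so a subdirectory or a non-key file in that directory would be passed as `source` too. I would restrict the listing, e.g. `(lib.attrsets.filterAttrs (name: type: type == "regular" && lib.strings.hasSuffix ".pub" name) (builtins.readDir keysDir))`, and keep ultimate trust for the owner's own key only, giving other keys a lower level through an explicit per-key attribute set. If ultimate trust for the whole directory is intended, a comment above `publicKeys` saying so (for example `# every key in files/keys is one of my own keys; ultimate trust is intended`) would record that decision.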