dotfiles-nix/nix/programs/gpg/default.nix

{ config, lib, pkgs, ... }:

let

  keysDir = ../../../files/keys;
  keys = lib.attrsets.mapAttrsToList (name: type: "${keysDir}/${name}") (builtins.readDir keysDir);

in
{
  home-manager.users.${config.user} = {

    # install keys into gpg keyring
    programs.gpg = {
      enable = true;
      publicKeys = map (file: { source = file; trust = 5; }) keys;
    };

    # global gpg agent
    services.gpg-agent = {
      enable = true;
      enableExtraSocket = true;
      enableSshSupport = true;
      pinentryPackage = pkgs.pinentry-curses;
    };

  };

  # yubikey support
  services = {
    pcscd.enable = true;
    udev.packages = with pkgs; [
      yubikey-personalization
    ];
  };
}