refactor: make gpg-agent a common setting

2025-12-06 09:07:21 +01:00 · 2024-07-25 14:41:23 +02:00 · 2024-07-25 14:41:23 +02:00 · 414ff779b6
commit 414ff779b6
parent 5e2aae9558
10 changed files with 54 additions and 82 deletions
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@ -264,18 +264,6 @@ I also enable the extra socket here for ssh agent forwarding. But I have not ful

 #+begin_src nix :tangle no :noweb-ref gpgagent

-  services.gpg-agent = {
-    enable = true;
-    enableSshSupport = true;
-    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry.gtk2;
-    defaultCacheTtl = 600;
-    maxCacheTtl = 7200;
-    extraConfig = ''
-      allow-loopback-pinentry
-      allow-emacs-pinentry
-    '';
-  };

 #+end_src

@ -2165,7 +2153,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which
      # kernelPackages = pkgs.linuxPackages_latest;
    };

-    sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];

    networking = {
      hostName = "fourside"; # Define your hostname.
@ -2270,9 +2257,6 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was
  { config, pkgs, lib, ... }: with lib;
      {

-        <<gpgagent>>
-        sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
-
        # waybar config - TEMPLATE - update for cores and temp
        programs.waybar.settings.mainBar = {
          # temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input";
@ -5110,6 +5094,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
  {
    sops = {

+      age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
      defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
      validateSopsFiles = false;

@ -5566,6 +5551,7 @@ This section sets up all the imports that are used in the home-manager section.
      ./kdeconnect.nix
      ./mako.nix
      ./sway.nix
+      ./gpg-agent.nix
    ];

    nix = {
@ -5954,20 +5940,21 @@ I use sops-nix to handle secrets that I want to have available on my machines at
 Since we are using the home-manager implementation here, we need to specify the runtime path.

 #+begin_src nix :tangle profiles/common/home/sops.nix
-  { config, ... }:
-  {
-    sops = {
-      defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
-      validateSopsFiles = false;
-      secrets = {
-        mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
-        nautilus = { path = "/run/user/1000/secrets/nautilus"; };
-        leon = { path = "/run/user/1000/secrets/leon"; };
-        swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
-        caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
+    { config, ... }:
+    {
+      sops = {
+        age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
+        defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
+        validateSopsFiles = false;
+        secrets = {
+          mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
+          nautilus = { path = "/run/user/1000/secrets/nautilus"; };
+          leon = { path = "/run/user/1000/secrets/leon"; };
+          swarselmail = { path = "/run/user/1000/secrets/swarselmail"; };
+          caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; };
+        };
      };
-    };
-}
+  }
 #+end_src

 *** SSH Machines
@ -7532,6 +7519,26 @@ Currently, I am too lazy to explain every option here, but most of it is very se
  }
 #+end_src

+*** gpg-agent
+
+#+begin_src nix :tangle profiles/common/home/gpg-agent.nix
+  { pkgs, ... }:
+  {
+  services.gpg-agent = {
+    enable = true;
+    enableSshSupport = true;
+    enableExtraSocket = true;
+    pinentryPackage = pkgs.pinentry.gtk2;
+    defaultCacheTtl = 600;
+    maxCacheTtl = 7200;
+    extraConfig = ''
+      allow-loopback-pinentry
+      allow-emacs-pinentry
+    '';
+  };
+  }
+#+end_src
+
 ** flake.nix template
 :PROPERTIES:
 :CUSTOM_ID: h:aee5ec75-7ca6-40d8-b6ac-a3e7e33a474b
--- a/profiles/TEMPLATE/home.nix
+++ b/profiles/TEMPLATE/home.nix
@ -3,18 +3,6 @@
 {


-  services.gpg-agent = {
-    enable = true;
-    enableSshSupport = true;
-    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry.gtk2;
-    defaultCacheTtl = 600;
-    maxCacheTtl = 7200;
-    extraConfig = ''
-      allow-loopback-pinentry
-      allow-emacs-pinentry
-    '';
-  };

  home = {
    username = "TEMPLATE";
--- a/profiles/common/home/default.nix
+++ b/profiles/common/home/default.nix
@ -26,6 +26,7 @@
    ./kdeconnect.nix
    ./mako.nix
    ./sway.nix
+    ./gpg-agent.nix
  ];

  nix = {
--- a/profiles/common/home/gpg-agent.nix
+++ b/profiles/common/home/gpg-agent.nix
@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  services.gpg-agent = {
+    enable = true;
+    enableSshSupport = true;
+    enableExtraSocket = true;
+    pinentryPackage = pkgs.pinentry.gtk2;
+    defaultCacheTtl = 600;
+    maxCacheTtl = 7200;
+    extraConfig = ''
+      allow-loopback-pinentry
+      allow-emacs-pinentry
+    '';
+  };
+}
--- a/profiles/common/home/sops.nix
+++ b/profiles/common/home/sops.nix
@ -1,6 +1,7 @@
 { config, ... }:
 {
  sops = {
+    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
    defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
    validateSopsFiles = false;
    secrets = {
--- a/profiles/common/nixos/sops.nix
+++ b/profiles/common/nixos/sops.nix
@ -2,6 +2,7 @@
 {
  sops = {

+    age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
    defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
    validateSopsFiles = false;

--- a/profiles/fourside/home.nix
+++ b/profiles/fourside/home.nix
@ -1,22 +1,6 @@
 { config, pkgs, lib, ... }: with lib;
 {

-
-  services.gpg-agent = {
-    enable = true;
-    enableSshSupport = true;
-    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry.gtk2;
-    defaultCacheTtl = 600;
-    maxCacheTtl = 7200;
-    extraConfig = ''
-      allow-loopback-pinentry
-      allow-emacs-pinentry
-    '';
-  };
-
-  sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
-
  # waybar config - TEMPLATE - update for cores and temp
  programs.waybar.settings.mainBar = {
    # temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input";
--- a/profiles/fourside/nixos.nix
+++ b/profiles/fourside/nixos.nix
@ -13,7 +13,6 @@
    # kernelPackages = pkgs.linuxPackages_latest;
  };

-  sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];

  networking = {
    hostName = "fourside"; # Define your hostname.
--- a/profiles/threed/home.nix
+++ b/profiles/threed/home.nix
@ -3,18 +3,6 @@
 {


-  services.gpg-agent = {
-    enable = true;
-    enableSshSupport = true;
-    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry.gtk2;
-    defaultCacheTtl = 600;
-    maxCacheTtl = 7200;
-    extraConfig = ''
-      allow-loopback-pinentry
-      allow-emacs-pinentry
-    '';
-  };


  home = {
--- a/profiles/winters/home.nix
+++ b/profiles/winters/home.nix
@ -3,18 +3,6 @@
 {


-  services.gpg-agent = {
-    enable = true;
-    enableSshSupport = true;
-    enableExtraSocket = true;
-    pinentryPackage = pkgs.pinentry.gtk2;
-    defaultCacheTtl = 600;
-    maxCacheTtl = 7200;
-    extraConfig = ''
-      allow-loopback-pinentry
-      allow-emacs-pinentry
-    '';
-  };

  home = {
    username = "swarsel";