feat: Encryption

2025-02-18 13:56:19 -07:00
parent 91b94d911f
commit d203a71aaa
15 changed files with 80 additions and 26 deletions
--- a/modules/home/gpg.nix
+++ b/modules/home/gpg.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.gpg;
+    mutableSymlink = config.lib.file.mkOutOfStoreSymlink;
+in {
+  options = {
+    sydnix.gpg = {
+      enable = lib.mkEnableOption "GnuPG";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    programs.gpg = {
+      enable = true;
+    };
+
+    services.gpg-agent = {
+      enable = true;
+      enableSshSupport = true;
+      enableBashIntegration = config.programs.bash.enable;
+      extraConfig =
+        "allow-loopback-pinentry"
+        + lib.optionalString
+          config.programs.emacs.enable "\nallow-emacs-pinentry";
+    };
+
+    home.file."private-keys/gpg/crumb".source =
+      mutableSymlink "/persist/private-keys/gpg/${config.home.username}";
+  };
+}
--- a/modules/home/sops.nix
+++ b/modules/home/sops.nix
@@ -19,6 +19,10 @@ in {
  };

  config = mkIf cfg.enable {
+    home.packages = [
+      pkgs.sops
+    ];
+
    sops = {
      age.keyFile = cfg.keyFile;
      defaultSopsFile = ../../users/${config.home.username}/secrets.yaml;