| author | 2026-06-19 16:36:01 +0100 | |
|---|---|---|
| committer | 2026-06-19 16:36:01 +0100 | |
| commit | 7eacd3c160f23fbff65c510aae70266b33b48bc2 (patch) | |
| tree | a5fc4f00c4e55b9a211ad7e315aae816c159c271 /nix/vm.nix | |
| parent | f484c7be7e72b18b337c57e6427bc4eaed5b3d13 (diff) | |
Use local gpg-agent on VM
Diffstat (limited to 'nix/vm.nix')
| -rw-r--r-- | nix/vm.nix | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -8,6 +8,11 @@ let dotfiles = "${builtins.getEnv "HOME"}/.local/share/dotfiles"; link = path: config.lib.file.mkOutOfStoreSymlink "${dotfiles}/${path}"; + vmGpgAgentConf = pkgs.writeText "gpg-agent.conf" '' + enable-ssh-support + pinentry-program ${pkgs.pinentry-curses}/bin/pinentry-curses + allow-loopback-pinentry + ''; in { imports = [ ./common.nix ]; @@ -125,6 +130,15 @@ in "${dotfiles}/private_dot_ssh/config" "$HOME/.ssh/config" ''; + # GnuPG needs strict file modes and a VM-local pinentry path. Private + # keys and sshcontrol stay machine-local; import/add the work key manually. + home.activation.gnupgConfig = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + run install -d -m 700 "$HOME/.gnupg" + run install -m 600 \ + "${dotfiles}/private_dot_gnupg/gpg.conf" "$HOME/.gnupg/gpg.conf" + run install -m 600 "${vmGpgAgentConf}" "$HOME/.gnupg/gpg-agent.conf" + ''; + # ZDOTDIR redirect so login shells find ~/.config/zsh/.zprofile etc. # Also source HM's session-vars — HM normally drops these into # ~/.profile, but zsh login shells don't read .profile, and we don't |
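Review bot: `allow-loopback-pinentry` in `vmGpgAgentConf` is added without a comment saying which workflow needs it, and it is the one line here that relaxes how passphrases reach the agent: a client run with `--pinentry-mode loopback` can supply the passphrase itself instead of going through pinentry-curses. If nothing on the VM depends on that, I would write `no-allow-loopback-pinentry` instead, because as far as I know current GnuPG releases allow loopback by default, so dropping the line alone would not restrict anything. If it is needed, a config comment such as `# loopback needed for <tool>; the calling process supplies the passphrase` would record the reason. The `let` block this binding sits in starts above the hunk.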
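Review bot: The `home.activation.gnupgConfig` step installs a new `gpg-agent.conf` but nothing tells an already-running gpg-agent to pick it up, so after a switch the agent may keep its previous pinentry and ssh-support settings until it is restarted. Adding `run ${pkgs.gnupg}/bin/gpgconf --kill gpg-agent` after the last `install` line would make the next gpg or ssh call start an agent with the new file, assuming `pkgs.gnupg` is the GnuPG actually used on the VM. The comment above the entry could also say that only the directory itself and the two config files get their modes set here, so existing entries under `~/.gnupg` such as the private-key directory keep whatever modes they already have. The attribute set this entry belongs to continues outside the hunk.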
