Diffstat (limited to 'nix/vm.nix')
| -rw-r--r-- | nix/vm.nix | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -8,6 +8,11 @@ let dotfiles = "${builtins.getEnv "HOME"}/.local/share/dotfiles"; link = path: config.lib.file.mkOutOfStoreSymlink "${dotfiles}/${path}"; + vmGpgAgentConf = pkgs.writeText "gpg-agent.conf" '' + enable-ssh-support + pinentry-program ${pkgs.pinentry-curses}/bin/pinentry-curses + allow-loopback-pinentry + ''; in { imports = [ ./common.nix ]; @@ -125,6 +130,15 @@ in "${dotfiles}/private_dot_ssh/config" "$HOME/.ssh/config" ''; + # GnuPG needs strict file modes and a VM-local pinentry path. Private + # keys and sshcontrol stay machine-local; import/add the work key manually. + home.activation.gnupgConfig = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + run install -d -m 700 "$HOME/.gnupg" + run install -m 600 \ + "${dotfiles}/private_dot_gnupg/gpg.conf" "$HOME/.gnupg/gpg.conf" + run install -m 600 "${vmGpgAgentConf}" "$HOME/.gnupg/gpg-agent.conf" + ''; + # ZDOTDIR redirect so login shells find ~/.config/zsh/.zprofile etc. # Also source HM's session-vars — HM normally drops these into # ~/.profile, but zsh login shells don't read .profile, and we don't |
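Review bot: `allow-loopback-pinentry` in the added vmGpgAgentConf is the one line with no explanation, and it widens what the agent socket alone permits: a client using loopback mode hands the passphrase to the agent itself, so key unlock is no longer gated by the curses pinentry prompt this same file configures. If the VM relies on that for scripted or non-interactive use, say so next to the option, e.g. `# allow-loopback-pinentry: clients may pass the passphrase over the socket; keep only while non-interactive unlock is needed here`; if not, the line can go, since pinentry-curses already covers interactive use. Note this matters most if the agent socket is ever shared beyond the VM, which the hunk does not show either way; the enclosing `let` block starts above the hunk.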
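Review bot: The gnupgConfig activation replaces `$HOME/.gnupg/gpg-agent.conf` on every switch but nothing informs an already-running agent, and gpg-agent reads its configuration at start-up (and again on SIGHUP), so a changed pinentry path or option is silently ignored until the agent restarts. Either extend the block comment with a line such as `# gpg-agent only reads this at start-up: run 'gpgconf --reload gpg-agent' or re-login after switching`, or, if an agent is expected to be running during activation, follow the install with a reload step and treat its failure as non-fatal so a VM with no agent yet does not abort activation. The mode-700/600 handling itself looks right for GnuPG's permission checks. The surrounding attribute set continues past the end of the hunk.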
