nixcfg/modules/darwin/security/gpg/default.nix

{ lib, config, pkgs, inputs, ... }:

let
  inherit (lib) types mkEnableOption mkIf;
  inherit (lib.plusultra) mkOpt;

  cfg = config.plusultra.security.gpg;

  gpgConf = "${inputs.gpg-base-conf}/gpg.conf";

  gpgAgentConf = ''
    enable-ssh-support
    default-cache-ttl 60
    max-cache-ttl 120
  '';

  guide = "${inputs.yubikey-guide}/README.md";

  theme = pkgs.fetchFromGitHub {
    owner = "jez";
    repo = "pandoc-markdown-css-theme";
    rev = "019a4829242937761949274916022e9861ed0627";
    sha256 = "1h48yqffpaz437f3c9hfryf23r95rr319lrb3y79kxpxbc9hihxb";
  };

  guideHTML = pkgs.runCommand "yubikey-guide" { } ''
    ${pkgs.pandoc}/bin/pandoc \
      --standalone \
      --metadata title="Yubikey Guide" \
      --from markdown \
      --to html5+smart \
      --toc \
      --template ${theme}/template.html5 \
      --css ${theme}/docs/css/theme.css \
      --css ${theme}/docs/css/skylighting-solarized-theme.css \
      -o $out \
      ${guide}
  '';

  reload-yubikey = pkgs.writeShellScriptBin "reload-yubikey" ''
    ${pkgs.gnupg}/bin/gpg-connect-agent "scd serialno" "learn --force" /bye
  '';
in
{
  options.plusultra.security.gpg = {
    enable = mkEnableOption "GPG";
    agentTimeout = mkOpt types.int 5 "The amount of time to wait before continuing with shell init.";
  };

  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      gnupg
    ];

    environment.shellInit = ''
      export GPG_TTY="$(tty)"
      export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)

      ${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent
      gpg_agent_timeout_status=$?

      if [ "$gpg_agent_timeout_status" = 124 ]; then
        # Command timed out...
        echo "GPG Agent timed out..."
        echo 'Run "gpgconf --launch gpg-agent" to try and launch it again.'
      fi
    '';

    programs.gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

    plusultra.home.file = {
      ".gnupg/.keep".text = "";

      ".gnupg/yubikey-guide.md".source = guide;
      ".gnupg/yubikey-guide.html".source = guideHTML;

      ".gnupg/gpg.conf".source = gpgConf;
      ".gnupg/gpg-agent.conf".text = gpgAgentConf;
    };
  };
}
refactor 2024-01-11 11:26:46 +01:00			`{ lib, config, pkgs, inputs, ... }:`

			`let`
			`inherit (lib) types mkEnableOption mkIf;`
			`inherit (lib.plusultra) mkOpt;`

			`cfg = config.plusultra.security.gpg;`

			`gpgConf = "${inputs.gpg-base-conf}/gpg.conf";`

			`gpgAgentConf = ''`
			`enable-ssh-support`
			`default-cache-ttl 60`
			`max-cache-ttl 120`
			`'';`

			`guide = "${inputs.yubikey-guide}/README.md";`

			`theme = pkgs.fetchFromGitHub {`
			`owner = "jez";`
			`repo = "pandoc-markdown-css-theme";`
			`rev = "019a4829242937761949274916022e9861ed0627";`
			`sha256 = "1h48yqffpaz437f3c9hfryf23r95rr319lrb3y79kxpxbc9hihxb";`
			`};`

			`guideHTML = pkgs.runCommand "yubikey-guide" { } ''`
			`${pkgs.pandoc}/bin/pandoc \`
			`--standalone \`
			`--metadata title="Yubikey Guide" \`
			`--from markdown \`
			`--to html5+smart \`
			`--toc \`
			`--template ${theme}/template.html5 \`
			`--css ${theme}/docs/css/theme.css \`
			`--css ${theme}/docs/css/skylighting-solarized-theme.css \`
			`-o $out \`
			`${guide}`
			`'';`

			`reload-yubikey = pkgs.writeShellScriptBin "reload-yubikey" ''`
			`${pkgs.gnupg}/bin/gpg-connect-agent "scd serialno" "learn --force" /bye`
			`'';`
			`in`
			`{`
			`options.plusultra.security.gpg = {`
			`enable = mkEnableOption "GPG";`
			`agentTimeout = mkOpt types.int 5 "The amount of time to wait before continuing with shell init.";`
			`};`

			`config = mkIf cfg.enable {`
			`environment.systemPackages = with pkgs; [`
			`gnupg`
			`];`

			`environment.shellInit = ''`
			`export GPG_TTY="$(tty)"`
			`export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)`

			`${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent`
			`gpg_agent_timeout_status=$?`

			`if [ "$gpg_agent_timeout_status" = 124 ]; then`
			`# Command timed out...`
			`echo "GPG Agent timed out..."`
			`echo 'Run "gpgconf --launch gpg-agent" to try and launch it again.'`
			`fi`
			`'';`

			`programs.gnupg.agent = {`
			`enable = true;`
			`enableSSHSupport = true;`
			`};`

			`plusultra.home.file = {`
			`".gnupg/.keep".text = "";`

			`".gnupg/yubikey-guide.md".source = guide;`
			`".gnupg/yubikey-guide.html".source = guideHTML;`

			`".gnupg/gpg.conf".source = gpgConf;`
			`".gnupg/gpg-agent.conf".text = gpgAgentConf;`
			`};`
			`};`
			`}`