remove gpg/yubikey external deps

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>

flake.lock

@@ -2018,8 +2018,7 @@
         "nixsgx-flake": "nixsgx-flake",
         "snowfall-lib": "snowfall-lib_2",
         "sops-nix": "sops-nix",
-        "unstable": "unstable",
-        "yubikey-guide": "yubikey-guide"
+        "unstable": "unstable"
       }
     },
     "rust-overlay": {
@@ -2626,22 +2625,6 @@
         "type": "github"
       }
     },
-    "yubikey-guide": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1710725874,
-        "narHash": "sha256-0COxYhs7VJGaO7mv23OEd7FjKRuTr+0zS9Ys9/exesI=",
-        "owner": "drduh",
-        "repo": "YubiKey-Guide",
-        "rev": "a7aa09bc80ccbcf13091e74fdf8e40701adee7f8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "drduh",
-        "repo": "YubiKey-Guide",
-        "type": "github"
-      }
-    },
     "zig": {
       "inputs": {
         "flake-compat": "flake-compat_2",

flake.nix

@@ -33,19 +33,6 @@
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";
 
-    # GPG default configuration
-    gpg-base-conf = {
-      url = "github:drduh/config";
-      flake = false;
-    };
-
-    # Yubikey Guide
-    yubikey-guide = {
-      url = "github:drduh/YubiKey-Guide";
-      flake = false;
-    };
-
-
     nixsgx-flake = {
       url = "github:matter-labs/nixsgx";
       # inputs.nixpkgs.follows = "nixpkgs";

modules/darwin/security/gpg/default.nix

@@ -5,8 +5,6 @@ let
   inherit (lib.metacfg) mkOpt;
 
   cfg = config.metacfg.security.gpg;
-  gpg = config.metacfg.security.gpg;
-  user = config.metacfg.user;
   gpgConf = "${inputs.gpg-base-conf}/gpg.conf";
 
   gpgAgentConf = ''
@@ -15,32 +13,6 @@ let
     max-cache-ttl 120
   '';
 
-  guide = "${inputs.yubikey-guide}/README.md";
-
-  theme = pkgs.fetchFromGitHub {
-    owner = "jez";
-    repo = "pandoc-markdown-css-theme";
-    rev = "019a4829242937761949274916022e9861ed0627";
-    sha256 = "1h48yqffpaz437f3c9hfryf23r95rr319lrb3y79kxpxbc9hihxb";
-  };
-
-  guideHTML = pkgs.runCommand "yubikey-guide" { } ''
-    ${pkgs.pandoc}/bin/pandoc \
-      --standalone \
-      --metadata title="Yubikey Guide" \
-      --from markdown \
-      --to html5+smart \
-      --toc \
-      --template ${theme}/template.html5 \
-      --css ${theme}/docs/css/theme.css \
-      --css ${theme}/docs/css/skylighting-solarized-theme.css \
-      -o $out \
-      ${guide}
-  '';
-
-  reload-yubikey = pkgs.writeShellScriptBin "reload-yubikey" ''
-    ${pkgs.gnupg}/bin/gpg-connect-agent "scd serialno" "learn --force" /bye
-  '';
 in
 {
   options.metacfg.security.gpg = {
@@ -75,10 +47,75 @@ in
     metacfg.home.file = {
       ".gnupg/.keep".text = "";
 
-      ".gnupg/yubikey-guide.md".source = guide;
-      ".gnupg/yubikey-guide.html".source = guideHTML;
-
-      ".gnupg/gpg.conf".source = gpgConf;
+      ".gnupg/gpg.conf".text = ''
+        # https://github.com/drduh/config/blob/master/gpg.conf
+        # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html
+        # https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html
+        # 'gpg --version' to get capabilities
+        # Use AES256, 192, or 128 as cipher
+        personal-cipher-preferences AES256 AES192 AES
+        # Use SHA512, 384, or 256 as digest
+        personal-digest-preferences SHA512 SHA384 SHA256
+        # Use ZLIB, BZIP2, ZIP, or no compression
+        personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+        # Default preferences for new keys
+        default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+        # SHA512 as digest to sign keys
+        cert-digest-algo SHA512
+        # SHA512 as digest for symmetric ops
+        s2k-digest-algo SHA512
+        # AES256 as cipher for symmetric ops
+        s2k-cipher-algo AES256
+        # UTF-8 support for compatibility
+        charset utf-8
+        # No comments in messages
+        no-comments
+        # No version in output
+        no-emit-version
+        # Disable banner
+        no-greeting
+        # Long key id format
+        keyid-format 0xlong
+        # Display UID validity
+        list-options show-uid-validity
+        verify-options show-uid-validity
+        # Display all keys and their fingerprints
+        with-fingerprint
+        # Display key origins and updates
+        #with-key-origin
+        # Cross-certify subkeys are present and valid
+        require-cross-certification
+        # Disable caching of passphrase for symmetrical ops
+        no-symkey-cache
+        # Enable smartcard
+        use-agent
+        # Disable recipient key ID in messages (breaks Mailvelope)
+        throw-keyids
+        # Default key ID to use (helpful with throw-keyids)
+        #default-key 0xFF3E7D88647EBCDB
+        #trusted-key 0xFF3E7D88647EBCDB
+        # Group recipient keys (preferred ID last)
+        #group keygroup = 0xFF00000000000001 0xFF00000000000002 0xFF3E7D88647EBCDB
+        # Keyserver URL
+        #keyserver hkps://keys.openpgp.org
+        #keyserver hkps://keys.mailvelope.com
+        #keyserver hkps://keyserver.ubuntu.com:443
+        #keyserver hkps://pgpkeys.eu
+        #keyserver hkps://pgp.circl.lu
+        #keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
+        # Keyserver proxy
+        #keyserver-options http-proxy=http://127.0.0.1:8118
+        #keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
+        # Enable key retrieval using WKD and DANE
+        #auto-key-locate wkd,dane,local
+        #auto-key-retrieve
+        # Trust delegation mechanism
+        #trust-model tofu+pgp
+        # Show expired subkeys
+        #list-options show-unusable-subkeys
+        # Verbose output
+        #verbose
+      '';
       ".gnupg/gpg-agent.conf".text = gpgAgentConf;
     };
   };