feat: add rc.gpg home module for Yubikey identity signing (#450)

stackptr · claude · web-flow · commit b6d62d047a80 · 2026-04-16T06:03:20.000Z
* feat(home): create rc.gpp home module

* chore: use GPG identity on Rhizome

* fix: reduce GPG cache TTL

* feat: set options for Yubikey

* feat: disable external cache

* refactor(home): consolidate GPG and git signing config into rc.gpg module

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;

---------

Co-authored-by: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/home/default.nix b/home/default.nix
@@ -7,7 +7,6 @@
 }: {
   imports = [
     ./programs
-    ./services.nix
   ];
 
   age.identityPaths = [
diff --git a/home/services.nix b/home/services.nix
diff --git a/hosts/Rhizome/home.nix b/hosts/Rhizome/home.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+  rc.gpg.enable = true;
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
@@ -4,6 +4,7 @@
     ./programs
     ./development.nix
     ./editor.nix
+    ./gpg.nix
     ./scm.nix
     ./ssh.nix
     ./utilities.nix
diff --git a/modules/home/gpg.nix b/modules/home/gpg.nix
@@ -0,0 +1,44 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkIf;
+
+  cfg = config.rc.gpg;
+in {
+  options = {
+    rc.gpg = {
+      enable = lib.mkEnableOption "GPG-based identity configuration";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    programs.gpg = {
+      enable = true;
+      settings = {
+        default-key = "413D1A0152BCB08D2E3DDACAF88C08579051AB48";
+      };
+    };
+
+    programs.git.signing = {
+      key = "F88C08579051AB48";
+      signByDefault = true;
+    };
+
+    services.gpg-agent = {
+      enable = true;
+      enableScDaemon = true;
+      enableSshSupport = true;
+      enableZshIntegration = true;
+      defaultCacheTtlSsh = 600;
+      maxCacheTtlSsh = 3600;
+      noAllowExternalCache = true;
+      pinentry.package = with pkgs;
+        if stdenv.isDarwin
+        then pinentry_mac
+        else pinentry-tty;
+    };
+  };
+}
diff --git a/modules/home/scm.nix b/modules/home/scm.nix
@@ -51,10 +51,6 @@ in {
 
       programs.git = {
         enable = true;
-        signing = {
-          key = "F88C08579051AB48";
-          signByDefault = true;
-        };
         settings = {
           user = {
             name = "✿ corey";
@@ -72,13 +68,6 @@ in {
         enable = true;
         enableGitIntegration = true;
       };
-
-      programs.gpg = {
-        enable = true;
-        settings = {
-          default-key = "413D1A0152BCB08D2E3DDACAF88C08579051AB48";
-        };
-      };
     })
 
     (mkIf gitCfg.enableHubWrapper {

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{pkgs, ...}: {`
	`2`	`+ rc.gpg.enable = true;`
	`3`	`+}`