feat: add rc.gpg home module for Yubikey identity signing by stackptr · Pull Request #450 · stackptr/rc

stackptr · 2026-04-16T05:39:10Z

Summary

Adds modules/home/gpg.nix — a new rc.gpg home module with enable option that configures gpg-agent for Yubikey-based SSH identity signing (smart card daemon, SSH support, reduced cache TTL, no external cache)
Moves programs.gpg (gnupg install + default-key) and programs.git.signing (commit signing key + signByDefault) into rc.gpg, so they are only active when the module is enabled
Removes home/services.nix — the old unconditional GPG config that was applied to all hosts
Removes GPG and git signing config from modules/home/scm.nix
Enables rc.gpg only for Rhizome via hosts/Rhizome/home.nix

Build and switch Rhizome: nh darwin switch .#Rhizome
Verify gpg-agent starts with SSH support: echo $SSH_AUTH_SOCK should point to the gpg-agent socket
Verify Yubikey is detected: gpg --card-status
Verify SSH auth works with Yubikey key: ssh-add -L should list the key from the card
Verify git commits are signed: git log --show-signature
Confirm other hosts (glyph, spore, zeta) build without GPG agent configured

…dule Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

stackptr and others added 6 commits April 15, 2026 22:32

feat(home): create rc.gpp home module

44ff906

chore: use GPG identity on Rhizome

fd86191

fix: reduce GPG cache TTL

d2c1a55

feat: set options for Yubikey

5de14fc

feat: disable external cache

f35c1c2

refactor(home): consolidate GPG and git signing config into rc.gpg mo…

4abcf02

…dule Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

stackptr enabled auto-merge (squash) April 16, 2026 06:02

stackptr mentioned this pull request Apr 16, 2026

chore: document agent commit identity in CLAUDE.md #449

Closed

stackptr merged commit b6d62d0 into main Apr 16, 2026
5 checks passed