From 44ff90614ed7524f3ddab3970bb193754bcb07f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Apr 2026 22:32:05 -0700 Subject: [PATCH 1/6] feat(home): create rc.gpp home module --- modules/home/default.nix | 1 + modules/home/gpg.nix | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 modules/home/gpg.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index 318cf79b..facce5db 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -4,6 +4,7 @@ ./programs ./development.nix ./editor.nix + ./gpg.nix ./scm.nix ./ssh.nix ./utilities.nix diff --git a/modules/home/gpg.nix b/modules/home/gpg.nix new file mode 100644 index 00000000..3351f69c --- /dev/null +++ b/modules/home/gpg.nix @@ -0,0 +1,29 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkIf mkOption; + + cfg = config.rc.gpg; +in { + options = { + rc.gpg = { + enable = lib.mkEnableOption "GPG-based identity configuration"; + }; + }; + + config = mkIf cfg.enable { + services.gpg-agent = { + enable = true; + enableZshIntegration = true; + defaultCacheTtl = 86400; + maxCacheTtl = 86400; + pinentry.package = with pkgs; + if stdenv.isDarwin + then pinentry_mac + else pinentry-tty; + }; + }; +} From fd861919c1915eeca1de67e0141fd4c631a214d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Apr 2026 22:32:57 -0700 Subject: [PATCH 2/6] chore: use GPG identity on Rhizome --- home/default.nix | 1 - home/services.nix | 12 ------------ hosts/Rhizome/home.nix | 3 +++ 3 files changed, 3 insertions(+), 13 deletions(-) delete mode 100644 home/services.nix create mode 100644 hosts/Rhizome/home.nix diff --git a/home/default.nix b/home/default.nix index e218ece7..95713608 100644 --- a/home/default.nix +++ b/home/default.nix @@ -7,7 +7,6 @@ }: { imports = [ ./programs - ./services.nix ]; age.identityPaths = [ 
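Review bot: In the new modules/home/gpg.nix, the Linux branch of `pinentry.package` selects `pinentry-tty`, which can only prompt on a terminal. Anything that reaches gpg-agent without one (an editor or GUI client making a commit, for instance) will presumably fail rather than ask for the passphrase. If that is deliberate, say so in a comment above the `if`, e.g. `# tty-only pinentry on Linux: no prompt without a terminal, by design`. Otherwise consider exposing the pinentry package as an `rc.gpg` option so a host can choose a different one.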
diff --git a/home/services.nix b/home/services.nix
deleted file mode 100644
index ee852b3f..00000000
--- a/home/services.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{pkgs, ...}: {
- services.gpg-agent = {
- enable = true;
- enableZshIntegration = true;
- defaultCacheTtl = 86400;
- maxCacheTtl = 86400;
- pinentry.package = with pkgs;
- if stdenv.isDarwin
- then pinentry_mac
- else pinentry-tty;
- };
-}
diff --git a/hosts/Rhizome/home.nix b/hosts/Rhizome/home.nix
new file mode 100644
index 00000000..803a42a7
--- /dev/null
+++ b/hosts/Rhizome/home.nix
@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+ rc.gpg.enable = true;
+}
From d2c1a5558427ee7fa09b4b8db583b263384f6e0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?=
Date: Wed, 15 Apr 2026 22:33:38 -0700
Subject: [PATCH 3/6] fix: reduce GPG cache TTL
---
 modules/home/gpg.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/home/gpg.nix b/modules/home/gpg.nix
index 3351f69c..151dc2a5 100644
--- a/modules/home/gpg.nix
+++ b/modules/home/gpg.nix
@@ -18,8 +18,8 @@ in {
 services.gpg-agent = {
 enable = true;
 enableZshIntegration = true;
- defaultCacheTtl = 86400;
- maxCacheTtl = 86400;
+ defaultCacheTtlSsh = 600;
+ maxCacheTtlSsh = 3600;
 pinentry.package = with pkgs;
 if stdenv.isDarwin
 then pinentry_mac
From 5de14fccba2a52200ffe6e82b505c19d525a02e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?=
Date: Wed, 15 Apr 2026 22:34:16 -0700
Subject: [PATCH 4/6] feat: set options for Yubikey
---
 modules/home/gpg.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/home/gpg.nix b/modules/home/gpg.nix
index 151dc2a5..2e4d2dd4 100644
--- a/modules/home/gpg.nix
+++ b/modules/home/gpg.nix
@@ -17,6 +17,8 @@ in {
 config = mkIf cfg.enable {
 services.gpg-agent = {
 enable = true;
+ enableScDaemon = true;
+ enableSshSupport = true;
 enableZshIntegration = true;
 defaultCacheTtlSsh = 600;
 maxCacheTtlSsh = 3600;
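Review bot: The "reduce GPG cache TTL" hunk in modules/home/gpg.nix does not set a shorter TTL for OpenPGP passphrases. It drops `defaultCacheTtl`/`maxCacheTtl` and sets only the `...Ssh` variants, which apply to keys used through the agent's SSH support. The ordinary passphrase cache therefore falls back to gpg-agent's built-in defaults. At this point in the series `enableSshSupport` is not yet set, so the new values presumably have no effect until the next patch. If the intent is to bound both caches explicitly, keep the non-SSH options alongside the new ones: `defaultCacheTtl = 600;` and `maxCacheTtl = 3600;`. The `services.gpg-agent` block opens inside the hunk but closes after it.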
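Review bot: With `enableScDaemon = true` and a hardware token, the `defaultCacheTtlSsh`/`maxCacheTtlSsh` values just below in the "set options for Yubikey" hunk probably do not bound how long the token stays usable. For card-resident keys the PIN is verified by the card and, as far as I know, stays verified until the card is removed or reset, independent of the agent's cache. `enableSshSupport = true` also makes the agent answer SSH authentication requests, so the key is usable by whatever can reach the agent socket for as long as the card is unlocked. A comment above the two added lines would prevent the wrong assumption, e.g. `# PIN state lives on the card; the cache TTLs below only cover on-disk keys` followed by a line on the token's touch policy, if one is configured. The enclosing `services.gpg-agent` block closes outside this hunk.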
From f35c1c28155f3c15436fc6ba4900a6fdcc6b221c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey=20=28they/them=29?= Date: Wed, 15 Apr 2026 22:35:06 -0700 Subject: [PATCH 5/6] feat: disable external cache --- modules/home/gpg.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/gpg.nix b/modules/home/gpg.nix index 2e4d2dd4..f2d7168c 100644 --- a/modules/home/gpg.nix +++ b/modules/home/gpg.nix @@ -22,6 +22,7 @@ in { enableZshIntegration = true; defaultCacheTtlSsh = 600; maxCacheTtlSsh = 3600; + noAllowExternalCache = true; pinentry.package = with pkgs; if stdenv.isDarwin then pinentry_mac From 4abcf026f50928c8f54238b87fd87e5eccdae2de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=9C=BF=20corey?= Date: Wed, 15 Apr 2026 22:56:48 -0700 Subject: [PATCH 6/6] refactor(home): consolidate GPG and git signing config into rc.gpg module Co-Authored-By: Claude Sonnet 4.6 --- modules/home/gpg.nix | 14 +++++++++++++- modules/home/scm.nix | 11 ----------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/modules/home/gpg.nix b/modules/home/gpg.nix index f2d7168c..b0fe1642 100644 --- a/modules/home/gpg.nix +++ b/modules/home/gpg.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - inherit (lib) mkIf mkOption; + inherit (lib) mkIf; cfg = config.rc.gpg; in { @@ -15,6 +15,18 @@ in { }; config = mkIf cfg.enable { + programs.gpg = { + enable = true; + settings = { + default-key = "413D1A0152BCB08D2E3DDACAF88C08579051AB48"; + }; + }; + + programs.git.signing = { + key = "F88C08579051AB48"; + signByDefault = true; + }; + services.gpg-agent = { enable = true; enableScDaemon = true; diff --git a/modules/home/scm.nix b/modules/home/scm.nix index a1f8b451..24af2317 100644 --- a/modules/home/scm.nix +++ b/modules/home/scm.nix @@ -51,10 +51,6 @@ in { programs.git = { enable = true; - signing = { - key = "F88C08579051AB48"; - signByDefault = true; - }; settings = { user = { name = "✿ corey"; 
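Review bot: Moving `programs.git.signing` under `mkIf cfg.enable` in modules/home/gpg.nix (second hunk of the consolidation patch) makes commit signing depend on `rc.gpg.enable`. In this series only hosts/Rhizome/home.nix sets that option, so any other host using the scm module would stop signing commits without an error; worth confirming that is intended. The signing key is also given as the long ID `F88C08579051AB48`, while `default-key` a few lines above uses the full fingerprint that the ID appears to be the tail of. Long IDs are not collision-resistant, so prefer `key = "413D1A0152BCB08D2E3DDACAF88C08579051AB48";`. Since the fingerprint is personal data hard-coded in a shared module, exposing it as an `rc.gpg` option would keep the module reusable.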
@@ -72,13 +68,6 @@ in { enable = true; enableGitIntegration = true; }; - - programs.gpg = { - enable = true; - settings = { - default-key = "413D1A0152BCB08D2E3DDACAF88C08579051AB48"; - }; - }; }) (mkIf gitCfg.enableHubWrapper {