From 14583971eda76173a2f9cec868a3e10ca0840fa5 Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Tue, 22 Apr 2025 00:31:56 +0100 Subject: [PATCH] Configure pam-gnupg Automatically unlock my GPG key on login to make it easier to work with pass, neomutt, etc. See https://github.com/cruegge/pam-gnupg. --- hosts/t480/configuration.nix | 9 +++++++++ modules/mixins/gnupg.nix | 14 ++++++++++++++ modules/mixins/zsh/default.nix | 6 ++++-- modules/profiles/dwm/default.nix | 5 +---- modules/profiles/dwm/xinitrc | 5 +++++ 5 files changed, 33 insertions(+), 6 deletions(-) diff --git a/hosts/t480/configuration.nix b/hosts/t480/configuration.nix index 06cbf1ce..baff0d60 100644 --- a/hosts/t480/configuration.nix +++ b/hosts/t480/configuration.nix @@ -132,6 +132,8 @@ in xserver = { enable = true; + displayManager.startx.enable = true; + xkb = { layout = "gb"; variant = ""; @@ -140,4 +142,11 @@ in }; programs.dconf.enable = true; + + home-manager.users.opdavies = { + xdg.configFile."pam-gnupg".text = '' + 098EE055DAD2B9CB68154C6759DD38292D2273B6 + 1E21B58D69FFEFAD077F152A50FEA938A3413F50 + ''; + }; } diff --git a/modules/mixins/gnupg.nix b/modules/mixins/gnupg.nix index 1ed32dc9..416180b5 100644 --- a/modules/mixins/gnupg.nix +++ b/modules/mixins/gnupg.nix @@ -1,11 +1,25 @@ { pkgs, ... }: { + security.pam.services.login.gnupg.enable = true; + programs = { gnupg.agent = { enable = true; enableSSHSupport = true; + pinentryPackage = pkgs.pinentry-qt; }; }; + + home-manager.users.opdavies = { + home.file = { + ".gnupg/gpg-agent.conf".text = '' + allow-preset-passphrase + default-cache-ttl 600 + max-cache-ttl 7200 + enable-ssh-support + ''; + }; + }; } diff --git a/modules/mixins/zsh/default.nix b/modules/mixins/zsh/default.nix index abf9ca56..26d17d50 100644 --- a/modules/mixins/zsh/default.nix +++ b/modules/mixins/zsh/default.nix 
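Review bot: The two keygrips in the `xdg.configFile."pam-gnupg"` block of `hosts/t480/configuration.nix` have no comment saying which key or subkey each one belongs to. A later key rotation therefore cannot be checked against this list by reading the file. pam-gnupg only unlocks keys whose passphrase equals the login password, which is worth recording here because it ties the protection of these keys to the strength of the account password. Suggested comment above the block: `# Keygrips (gpg -K --with-keygrip) that pam-gnupg unlocks at login; key passphrase must match the login password`.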
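Review bot: The `.gnupg/gpg-agent.conf` text in `modules/mixins/gnupg.nix` needs a comment on how its TTLs interact with pam-gnupg, because `default-cache-ttl 600` does not bound a preset passphrase. Per the gpg-agent manual only `max-cache-ttl` expires entries that were preset, so the keys unlocked by `security.pam.services.login.gnupg.enable` stay usable for up to two hours after login, and pinentry prompts return after that. Suggested comment above the file entry: `# pam-gnupg presets the passphrase at login; presets ignore default-cache-ttl and expire after max-cache-ttl (2h)`. The `enable-ssh-support` line also repeats `enableSSHSupport = true`, so one of the two can probably go. The mixin hard-codes `home-manager.users.opdavies`, which may be worth a note if other hosts import it.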
@@ -22,11 +22,13 @@ ABBR_SET_EXPANSION_CURSOR = 1; }; - initExtra = '' + profileExtra = '' if [[ -z "$DISPLAY" ]] && [[ "$(tty)" == "/dev/tty1" ]]; then - exec startx &>/dev/null + exec startx fi + ''; + initExtra = '' background() { for ((i=2;i<=$#;i++)); do ''${@[1]} ''${@[$i]} &> /dev/null & diff --git a/modules/profiles/dwm/default.nix b/modules/profiles/dwm/default.nix index bc901a76..cc264b62 100644 --- a/modules/profiles/dwm/default.nix +++ b/modules/profiles/dwm/default.nix @@ -17,10 +17,7 @@ ]; }; - xserver = { - displayManager.startx.enable = true; - windowManager.dwm.enable = true; - }; + xserver.windowManager.dwm.enable = true; }; systemd.user.services.dwm-status.serviceConfig.Restart = "on-failure"; diff --git a/modules/profiles/dwm/xinitrc b/modules/profiles/dwm/xinitrc index ac0f6c3a..f9abca8b 100644 --- a/modules/profiles/dwm/xinitrc +++ b/modules/profiles/dwm/xinitrc @@ -2,4 +2,9 @@ systemctl --user import-environment DISPLAY poweralertd -s & setbg & systemctl --user start dwm-status & + +export GPG_TTY=$(tty) +export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) +gpg-connect-agent updatestartuptty /bye + exec dwm
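Review bot: The `exec` in `exec startx` inside the new `profileExtra` in `modules/mixins/zsh/default.nix` deserves a comment, because it is what stops tty1 from dropping back to an authenticated shell when the X server exits or is killed. If a later edit removes it, anything that locks the X session could be sidestepped by terminating X. Suggested comment above the `if`: `# exec: never fall back to a logged-in shell on tty1 when X exits`. With `&>/dev/null` removed, startx output now lands on tty1, which looks intentional but is not explained. The enclosing attribute set starts outside the hunk.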
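Review bot: `export GPG_TTY=$(tty)` in `modules/profiles/dwm/xinitrc` stores whatever `tty` prints. When stdin is not a terminal, that is the literal text `not a tty`, and the `export` hides the non-zero exit. Quoting the substitutions and assigning before exporting keeps a failure visible: `GPG_TTY="$(tty)" && export GPG_TTY`, and likewise `SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"`. These exports also come after `systemctl --user import-environment DISPLAY`, so user services presumably do not see the new `SSH_AUTH_SOCK`; if they should, it needs importing as well. The start of the script is outside the hunk.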