Configure pam-gnupg

Automatically unlock my GPG key on login to make it easier to work with pass, neomutt, etc. See https://github.com/cruegge/pam-gnupg.
2025-04-22 00:31:56 +01:00 · 2025-04-22 00:31:56 +01:00 · 14583971ed
commit 14583971ed
parent 5b224bbe42
5 changed files with 33 additions and 6 deletions
--- a/hosts/t480/configuration.nix
+++ b/hosts/t480/configuration.nix
@ -132,6 +132,8 @@ in
    xserver = {
      enable = true;
      displayManager.startx.enable = true;
      xkb = {
        layout = "gb";
        variant = "";
@ -140,4 +142,11 @@ in
  };
  programs.dconf.enable = true;
  home-manager.users.opdavies = {
    xdg.configFile."pam-gnupg".text = ''
      098EE055DAD2B9CB68154C6759DD38292D2273B6
      1E21B58D69FFEFAD077F152A50FEA938A3413F50
    '';
  };
 }
--- a/modules/mixins/gnupg.nix
+++ b/modules/mixins/gnupg.nix
@ -1,11 +1,25 @@
 { pkgs, ... }:
 {
  security.pam.services.login.gnupg.enable = true;
  programs = {
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryPackage = pkgs.pinentry-qt;
    };
  };
  home-manager.users.opdavies = {
    home.file = {
      ".gnupg/gpg-agent.conf".text = ''
        allow-preset-passphrase
        default-cache-ttl 600
        max-cache-ttl 7200
        enable-ssh-support
      '';
    };
  };
 }
--- a/modules/mixins/zsh/default.nix
+++ b/modules/mixins/zsh/default.nix
@ -22,11 +22,13 @@
          ABBR_SET_EXPANSION_CURSOR = 1;
        };
-        initExtra = ''
+        profileExtra = ''
          if [[ -z "$DISPLAY" ]] && [[ "$(tty)" == "/dev/tty1" ]]; then
-            exec startx &>/dev/null
+            exec startx
          fi
        '';
        initExtra = ''
          background() {
            for ((i=2;i<=$#;i++)); do
              ''${@[1]} ''${@[$i]} &> /dev/null &
--- a/modules/profiles/dwm/default.nix
+++ b/modules/profiles/dwm/default.nix
@ -17,10 +17,7 @@
      ];
    };
-    xserver = {
+    xserver.windowManager.dwm.enable = true;
      displayManager.startx.enable = true;
      windowManager.dwm.enable = true;
    };
  };
  systemd.user.services.dwm-status.serviceConfig.Restart = "on-failure";
--- a/modules/profiles/dwm/xinitrc
+++ b/modules/profiles/dwm/xinitrc
@ -2,4 +2,9 @@ systemctl --user import-environment DISPLAY
 poweralertd -s &
 setbg &
 systemctl --user start dwm-status &
 export GPG_TTY=$(tty)
 export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
 gpg-connect-agent updatestartuptty /bye
 exec dwm