From 8d59d29881d5a40b767a05be6d2a9cc7427035d4 Mon Sep 17 00:00:00 2001 From: Daniel Langbein Date: Wed, 6 Sep 2023 14:57:11 +0200 Subject: [PATCH] nitrokey ssh still works --- modules/nitrokey-ssh-gpg.home.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/modules/nitrokey-ssh-gpg.home.nix b/modules/nitrokey-ssh-gpg.home.nix index 85cd51e..a0ef9a0 100644 --- a/modules/nitrokey-ssh-gpg.home.nix +++ b/modules/nitrokey-ssh-gpg.home.nix @@ -65,6 +65,9 @@ # ssh nas #=> Works! + # TODO: What is the difference between programs.gnupg.agent.enableSSHSupport and + # services.gpg-agent.enableSshSupport = true; + services.udev.packages = [ pkgs.nitrokey-udev-rules ]; programs = { ssh.startAgent = false; @@ -89,6 +92,7 @@ services.pcscd.enable = true; home-manager.users.yoda = { osConfig, config, pkgs, ... }: { + # SSH configuration. programs.ssh = { enable = true; userKnownHostsFile = "~/.ssh/known_hosts ${../assets/ssh/known_hosts}"; @@ -104,5 +108,31 @@ }; }; }; + + # GnuPG configuration. + # Examples: + # https://github.com/ioerror/duraconf + # https://gist.github.com/graffen/37eaa2332ee7e584bfda + programs.gpg = { + enable = true; + settings = { + # Display long key IDs + keyid-format = "0xlong"; + + # List all keys (or the specified ones) along with their fingerprints + with-fingerprint = true; + + # Display the calculated validity of user IDs during key listings. + list-options = "show-uid-validity"; + verify-options = "show-uid-validity"; + }; + publicKeys = [ + { + source = "${../assets/gpg/pubkey_nitrokey.asc}"; + # ultimate + trust = 5; + } + ]; + }; }; }
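Review bot: The TODO added in the first hunk (`@@ -65,6 +65,9 @@`) leaves open which module owns gpg-agent's SSH support, and that decides which agent ends up answering on `SSH_AUTH_SOCK`. As far as I know, `programs.gnupg.agent.enableSSHSupport` is the NixOS system-level option and `services.gpg-agent.enableSshSupport` is its Home Manager per-user counterpart. The comment could say so and record which one this file relies on, e.g. `# programs.gnupg.agent.* is the NixOS module, services.gpg-agent.* the Home Manager one; this file uses the NixOS one.` The surrounding `programs = { … }` block continues outside the hunk, so the last clause of that comment needs checking against the full file.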
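Review bot: `trust = 5` in the `publicKeys` entry of the third hunk (`@@ -104,5 +108,31 @@`) gives ultimate ownertrust to whatever key material is in `../assets/gpg/pubkey_nitrokey.asc`, so that repository file becomes the trust anchor. If the file were changed or swapped, the new key would be imported as the user's own on the next activation, and keys it certifies would show as valid. Nothing in the hunk pins which key is expected. I would record the fingerprint next to the entry, e.g. `# expected fingerprint: <FINGERPRINT_OF_NITROKEY_KEY> (compare with gpg --show-keys on the .asc file)`, and check it against the token itself. Minor style point: `source = ../assets/gpg/pubkey_nitrokey.asc;` should behave the same without the string interpolation.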