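# NixOS module: the GnuPG home directory lives on a separate ext4 disk that is
# automounted read-only at /run/secrets, and git commit signing for the
# home-manager user `mysaa` goes through a wrapper that waits for that mount.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Drop-in `gpg` that blocks until /run/secrets/gpg/ exists, defaults
  # GNUPGHOME to it when the caller has not set one, then runs the real gpg.
  #
  # Every external tool is referenced by its store path. The wrapper is run by
  # git with whatever PATH the caller has, so resolving `[` or `sleep` through
  # PATH would let an entry earlier in PATH run in the signing code path.
  gpg-wrapper = pkgs.writeShellScriptBin "gpg" ''
    # The probe runs under timeout so one attempt is bounded to a second
    # (presumably because touching the automount point can block while the
    # device is absent). The loop has no upper bound: without the disk the
    # wrapper waits until it is plugged in or the caller is interrupted.
    until ${pkgs.coreutils}/bin/timeout 1 ${pkgs.coreutils}/bin/test -d /run/secrets/gpg/
    do
      echo "Waiting for '/run/secrets/' to be mounted" >&2
      ${pkgs.coreutils}/bin/sleep 1
    done
    # An explicit GNUPGHOME from the caller wins over the disk-backed default.
    if [ -z "$GNUPGHOME" ]
    then export GNUPGHOME="/run/secrets/gpg/"
    fi
    # exec: gpg replaces the shell, so its exit status and signals reach the
    # caller directly.
    exec ${pkgs.gnupg}/bin/gpg "$@"
  '';
in {

  # Put the wrapper on the user's PATH under the name `gpg`.
  home-manager.users.mysaa.home.packages = [
    gpg-wrapper
  ];

  # git calls the wrapper by absolute path for signing.
  home-manager.users.mysaa.programs.git.signing.signer = "${gpg-wrapper}/bin/gpg";

  # NOTE(review): /run/secrets is also the default secrets directory of
  # sops-nix; confirm this host does not use it, or the two will collide.
  fileSystems."/run/secrets" = {
    device = "/dev/disk/by-uuid/545bfd15-0973-4395-9d05-6c4c78a9e45c";
    fsType = "ext4";
    options = [
      # Boot must not fail or wait when the disk is not attached.
      "nofail"
      "noauto"
      # Key material is never written from this host.
      "ro"
      # The disk is matched by UUID only, so treat its contents as data:
      # no device nodes and no setuid/setgid binaries are honoured from it.
      # NOTE(review): "noexec" would fit as well if nothing on the disk is
      # meant to be executed - confirm against what else is stored there.
      "nodev"
      "nosuid"
      # Mounted on first access instead of at boot.
      # NOTE(review): there is no x-systemd.idle-timeout, so once mounted the
      # disk stays mounted until it is unmounted by hand - confirm intended.
      "x-systemd.automount"
    ];
  };

}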