From 11f1be099e30e578854954c7b2937a0787d80849 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?=
Date: Sat, 11 Mar 2023 06:36:22 +0100
Subject: [PATCH] feat: gpg ssh key
---
 configs/ssh.nix | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/configs/ssh.nix b/configs/ssh.nix
index 36f1448..1011b3d 100644
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
@@ -7,24 +7,21 @@
 inherit (import ../lib) sshPort kieran; externalNetwork = import ../lib/external-network.nix; sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}"; - ssh-passphrase = lib.strings.fileContents ; in { - /* - TODO how do I do this? - services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" '' - #!${pkgs.expect}/bin/expect -f - spawn ${pkgs.openssh}/bin/ssh-add - expect "Enter passphrase for *:" - send "${ssh-passphrase}\n"; - expect "Identity added: *" - interact - ''); - */ - - programs.ssh.startAgent = true; - users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs; + home-manager.users.me = { + services.gpg-agent = rec { + enable = true; + enableSshSupport = true; + defaultCacheTtlSsh = 2 * 60 * 60; + maxCacheTtlSsh = 4 * defaultCacheTtlSsh; + sshKeys = [ + "568047C91DE03A23883E340F15A9C24D313E847C" + ]; + }; + }; + home-manager.users.me.programs.ssh = { enable = true; matchBlocks = rec {
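Review bot: The SSH cache lifetimes in the new `services.gpg-agent` block are long and undocumented: `defaultCacheTtlSsh = 2 * 60 * 60` with `maxCacheTtlSsh = 4 * defaultCacheTtlSsh` lets the unlocked key be used without a pinentry prompt for up to eight hours, against gpg-agent's own defaults of 1800 and 7200 seconds. During that window every process that can reach the agent socket can sign with the key, so I would either shorten the values or record the intent next to them, e.g. `# seconds: re-prompt after 2 h idle, and no later than 8 h after unlock`. The `sshKeys` entry is a bare 40-hex string; a comment such as `# keygrip (not fingerprint) of the key exposed over SSH` would let a maintainer check it against `gpg --list-keys --with-keygrip`. The `home-manager.users.me.programs.ssh` block runs on past the end of the hunk, so whether any match block forwards the agent to a remote host cannot be checked from here.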