46 lines
1.1 KiB
Nix
46 lines
1.1 KiB
Nix
{ pkgs ? import <nixpkgs> { } }:
|
|
pkgs.mkShell {
|
|
|
|
buildInputs = with pkgs; [
|
|
gnupg
|
|
git
|
|
vim
|
|
pcsclite
|
|
pinentry-curses
|
|
];
|
|
|
|
shellHook = ''
|
|
mkdir -p $HOME/.gnupg
|
|
echo "pinentry-program = ${pkgs.pinentry-curses}/bin/pinentry-curses" > $HOME/.gnupg/gpg-agent.conf
|
|
echo "enable-ssh-support" >> $HOME/.gnupg/gpg-agent.conf
|
|
|
|
chmod 700 /root/.gnupg
|
|
chmod 600 /root/.gnupg/gpg-agent.conf
|
|
gpgconf --reload gpg-agent
|
|
|
|
# Set the SSH agent socket for gpg-agent
|
|
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
|
|
|
|
# Reload the gpg-agent to apply changes
|
|
gpg-connect-agent reloadagent /bye
|
|
|
|
# Import public key
|
|
export KEY_URL="$(gpg --card-status | grep URL | cut -d' ' -f6)"
|
|
curl $KEY_URL | gpg --import
|
|
gpg --card-status
|
|
|
|
gpgconf --kill gpg-agent
|
|
gpg-agent --daemon --pinentry-program="${pkgs.pinentry-curses}/bin/pinentry-curses"
|
|
|
|
touch dummy
|
|
gpg -r hans --encrypt dummy
|
|
gpg --decrypt dummy.gpg
|
|
rm dummy
|
|
rm dummy.gpg
|
|
|
|
|
|
# Clone the repository
|
|
git clone ssh://git@git.cluster.gay:2222/hans/nix.git
|
|
'';
|
|
}
|