86 lines
2 KiB
Nix
86 lines
2 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.home.security;
|
|
in
|
|
{
|
|
options = {
|
|
home.security = {
|
|
enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = "Security stuff.";
|
|
};
|
|
gpg = {
|
|
enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = "GPG configurations.";
|
|
};
|
|
homeDir = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "${config.home.homeDirectory}/.gpg";
|
|
description = "GPG config directory.";
|
|
};
|
|
};
|
|
ssh = {
|
|
enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = "SSH base configurations.";
|
|
};
|
|
homeDir = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "${config.home.homeDirectory}/.ssh";
|
|
description = "SSH config directory.";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
programs.gpg = lib.mkIf cfg.gpg.enable {
|
|
enable = true;
|
|
package = pkgs.gnupg;
|
|
mutableKeys = true;
|
|
mutableTrust = true;
|
|
homedir = cfg.gpg.homeDir;
|
|
settings = {
|
|
no-comments = true;
|
|
throw-keyids = true;
|
|
no-emit-version = true;
|
|
keyid-format = "0xlong";
|
|
};
|
|
};
|
|
services.gpg-agent = lib.mkIf cfg.gpg.enable {
|
|
enable = true;
|
|
pinentry.package = pkgs.pinentry-qt;
|
|
};
|
|
|
|
programs.ssh = lib.mkIf cfg.ssh.enable {
|
|
enable = true;
|
|
enableDefaultConfig = false;
|
|
package = pkgs.openssh;
|
|
matchBlocks = {
|
|
"*" = {
|
|
hashKnownHosts = true;
|
|
userKnownHostsFile = "${cfg.ssh.homeDir}/known_hosts";
|
|
|
|
forwardAgent = false;
|
|
addKeysToAgent = "no";
|
|
|
|
serverAliveInterval = 0;
|
|
serverAliveCountMax = 3;
|
|
|
|
controlMaster = "no";
|
|
controlPath = "${cfg.ssh.homeDir}/master-%r@%n:%p";
|
|
controlPersist = "no";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|