machines/losurdo/security.nix

   1 { flakes, pkgs, lib, config, machineName, ... }:
   2 let
   3   inherit (config.security) gnupg;
   4   rootKey = "root/key";
   5   keygrip = "9AA84E6F6D71F9163C46BF396B141A0806219077";
   6 in
   7 {
   8 security.gnupg.store = flakes.pass + "/machines/${machineName}";
   9 environment.memoryAllocator.provider = "libc";
  10 services.openssh.extraConfig = ''
  11   # This is for removing remote gpg-agent's socket
  12   StreamLocalBindUnlink yes
  13 '';
  14 /*
  15 installer.ssh-nixos = {
  16   PATH = [pkgs.gnupg pkgs.openssh];
  17   sshFlags = [
  18     #"-R" "/var/lib/gnupg/S.gpg-agent.extra:/run/user/1000/gnupg/d.w1sj57hx3zfcwadyxpr6wko9/S.gpg-agent.extra"
  19     #"-o" "StreamLocalBindUnlink=yes"
  20   ];
  21 };
  22 */
  23 }