0xWheatyz/nixos-configurations
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(yubikey): configure GPG signing key and disable GCR ssh-agent

Browse Source 
Set actual GPG key ID for git commit signing, disable GCR ssh-agent
socket so gpg-agent handles SSH auth, and trim redundant setup steps
from yubikey guide.
This commit is contained in:
0xWheatyz
2026-04-04 02:12:02 -04:00
parent 1ca8cc8c57
commit 7c25228bc5
2 changed files with 5 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
home.nix
+5 -2
View File
@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
{ {
home.username = "l-wyatt"; home.username = "l-wyatt";
@@ -121,6 +121,9 @@
}; };
}; };
# Disable GCR ssh-agent so gpg-agent handles SSH
systemd.user.sockets.gcr-ssh-agent.Install.WantedBy = lib.mkForce [];
# GPG configuration # GPG configuration
programs.gpg = { programs.gpg = {
enable = true; enable = true;
@@ -141,7 +144,7 @@
programs.git = { programs.git = {
enable = true; enable = true;
signing = { signing = {
key = null; # Will be set after GPG key generation key = "0xADCEAC560B498269";
signByDefault = true; signByDefault = true;
}; };
settings = { settings = {
yubikey.md
-22
View File
@@ -1,27 +1,5 @@
# Post-Rebuild YubiKey Setup Guide # Post-Rebuild YubiKey Setup Guide
## Step 0: Rebuild & Reboot
```bash
nixos-rebuild switch
# Then reboot to ensure gpg-agent replaces gnome-keyring as SSH agent
reboot
```
After reboot, verify the new environment:
```bash
gpg --version # Should show GnuPG 2.4+
ykman info # Should show your YubiKey model/serial
gpg --card-status # Should show the YubiKey smartcard
echo $SSH_AUTH_SOCK # Should point to gpg-agent socket, NOT gcr
```
> If `gpg --card-status` hangs or errors, restart pcscd:
> `sudo systemctl restart pcscd`
---
## Step 1: Generate GPG Master Key ## Step 1: Generate GPG Master Key
```bash ```bash