feat(yubikey): configure GPG signing key and disable GCR ssh-agent

Set actual GPG key ID for git commit signing, disable GCR ssh-agent socket so gpg-agent handles SSH auth, and trim redundant setup steps from yubikey guide.
2026-04-04 02:12:02 -04:00
parent 1ca8cc8c57
commit 7c25228bc5
2 changed files with 5 additions and 24 deletions
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:

 {
  home.username = "l-wyatt";
@@ -121,6 +121,9 @@
    };
  };

+  # Disable GCR ssh-agent so gpg-agent handles SSH
+  systemd.user.sockets.gcr-ssh-agent.Install.WantedBy = lib.mkForce [];
+
  # GPG configuration
  programs.gpg = {
    enable = true;
@@ -141,7 +144,7 @@
  programs.git = {
    enable = true;
    signing = {
-      key = null; # Will be set after GPG key generation
+      key = "0xADCEAC560B498269";
      signByDefault = true;
    };
    settings = {
@@ -1,27 +1,5 @@
 # Post-Rebuild YubiKey Setup Guide

-## Step 0: Rebuild & Reboot
-
-```bash
-nixos-rebuild switch
-# Then reboot to ensure gpg-agent replaces gnome-keyring as SSH agent
-reboot
-```
-
-After reboot, verify the new environment:
-
-```bash
-gpg --version           # Should show GnuPG 2.4+
-ykman info              # Should show your YubiKey model/serial
-gpg --card-status       # Should show the YubiKey smartcard
-echo $SSH_AUTH_SOCK     # Should point to gpg-agent socket, NOT gcr
-```
-
-> If `gpg --card-status` hangs or errors, restart pcscd:
-> `sudo systemctl restart pcscd`
-
---
-
 ## Step 1: Generate GPG Master Key

 ```bash