From f30d0d230ffb62ee82361ad594b760b364dd4414 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin
Date: Tue, 9 Apr 2024 14:26:36 +0300
Subject: [PATCH] Crypto : Add GNUPGHOME tmpfs template.

---
 module/common/Crypto.nix | 7 ++++++-
 module/common/Git.nix | 4 +++-
 part/Secret.nix | 10 ++++++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/module/common/Crypto.nix b/module/common/Crypto.nix
index 37c0b36..0ac2cca 100644
--- a/module/common/Crypto.nix
+++ b/module/common/Crypto.nix
@@ -10,6 +10,11 @@
 # Extra packages.
 environment.systemPackages = with pkgs; [
 yubikey-manager # Yubikey Manager.
- yubioath-desktop # OTP.
+ # yubioath-desktop # OTP.
 ];
+
+ # Store GPG data on tmpfs.
+ environment.variables = {
+ # GNUPGHOME = "$(mktemp -d -t gnupg-$(date +%Y-%m-%d)-XXXXXXXXXX)";
+ };
 }
diff --git a/module/common/Git.nix b/module/common/Git.nix
index b8edc92..6eac4f9 100644
--- a/module/common/Git.nix
+++ b/module/common/Git.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{ secret, ... }: {
 programs.git = {
 enable = true;
 config = {
@@ -7,6 +7,8 @@
 pull.rebase = true;
 push.autoSetupRemote = true;
 rebase.autoStash = true;
+ user.signingkey = secret.crypto.sign.key;
+ gpg.format = secret.crypto.sign.format;
 };
 };
 }
diff --git a/part/Secret.nix b/part/Secret.nix
index 264112a..9b65540 100644
--- a/part/Secret.nix
+++ b/part/Secret.nix
@@ -7,4 +7,14 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBL5NAm8S97EtfB/7DPf5Xl3Cqi3PlSO1V0m7fknNzz root@laptop"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIL2LI1iFDZC223aWqBVz9yusfB/XrRwsBKiL5warIF/ nix-on-droid@phone"
 ];
+
+ crypto = {
+ sign = {
+ format = "ssh";
+ key = "";
+ };
+ publicKeys = [
+
+ ];
+ };
 }
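Review bot: The comment `# Store GPG data on tmpfs.` in the Crypto.nix hunk promises more than the commented-out template would deliver. `mktemp -d -t` creates the directory under `$TMPDIR` or `/tmp`, which is memory-backed only when the host enables something like `boot.tmp.useTmpfs`, and nothing visible in this patch does. If the line is ever uncommented, key material could land on disk. Assuming the value is expanded by the shell at session setup, each login would also get a fresh, empty keyring. I would reword the comment to `# Template (disabled): ephemeral GNUPGHOME; tmpfs-backed only if /tmp is tmpfs, prefer $XDG_RUNTIME_DIR.` and drop the empty `environment.variables = { }` until it sets something.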
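Review bot: The second Git.nix hunk selects a signing key and format, but nothing in the visible lines turns signing on. Commits stay unsigned unless `commit.gpgsign = true;` is set in the two config lines that fall between the hunks, or per repository. The value also comes from `secret.crypto.sign.key`, which the Secret.nix hunk of this patch sets to `""`, so as committed the generated config would carry an empty `user.signingkey`. I would add `commit.gpgsign = true;` next to the new lines and only emit the signing settings when the key is non-empty. With `gpg.format = "ssh"`, verifying signatures additionally needs `gpg.ssh.allowedSignersFile`, which this patch does not configure.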
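Review bot: The new `crypto.sign.key` field in the Secret.nix hunk has no comment saying what belongs in it, and the file name invites putting secrets there. Values evaluated from this file end up in the world-readable Nix store and, through Git.nix, presumably in the system-wide git config. So the field should hold a public key or a path to a key file, never private key material. I would add `# Public key (or path to the key file) used for signing; never private key material, the Nix store is world-readable.` above `key = "";`. `publicKeys` is not referenced anywhere in this patch, so a one-line comment naming its intended consumer would help as well.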