-rw-r--r--default.nix1
-rw-r--r--modules/programs/gnupg.nix51
2 files changed, 52 insertions, 0 deletions
diff --git a/default.nix b/default.nix
index 16ba9be..f8a7f8d 100644
--- a/default.nix
+++ b/default.nix
@@ -59,6 +59,7 @@ let
./modules/services/skhd
./modules/programs/bash
./modules/programs/fish.nix
+ ./modules/programs/gnupg.nix
./modules/programs/man.nix
./modules/programs/info
./modules/programs/nix-index
diff --git a/modules/programs/gnupg.nix b/modules/programs/gnupg.nix
new file mode 100644
index 0000000..9a67ec8
--- /dev/null
+++ b/modules/programs/gnupg.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.programs.gnupg;
+
+in
+
+{
+ options.programs.gnupg = {
+ agent.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enables GnuPG agent for every user session.
+ '';
+ };
+
+ agent.enableSSHSupport = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK
+ environment variable correctly.
+ '';
+ };
+ };
+
+ config = mkIf cfg.agent.enable {
+ launchd.user.agents.gnupg-agent.serviceConfig = {
+ ProgramArguments = [
+ "${pkgs.gnupg}/bin/gpg-connect-agent" "/bye"
+ ];
+ RunAtLoad = cfg.agent.enableSSHSupport;
+ KeepAlive = true;
+ };
+
+ environment.extraInit = ''
+ # Bind gpg-agent to this TTY if gpg commands are used.
+ export GPG_TTY=$(tty)
+ '' + (optionalString cfg.agent.enableSSHSupport ''
+ # SSH agent protocol doesn't support changing TTYs, so bind the agent
+ # to every new TTY.
+ ${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
+
+ export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
+ '');
+ };
+}
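Review bot: `KeepAlive = true;` in `launchd.user.agents.gnupg-agent.serviceConfig` looks wrong for this command, because `gpg-connect-agent /bye` starts the agent and then exits, so launchd will presumably relaunch it on every throttle interval while the job is loaded. `KeepAlive.SuccessfulExit = false;` would restart it only after a failed run. Separately, the `enableSSHSupport` branch of `environment.extraInit` overwrites `SSH_AUTH_SOCK` unconditionally, which replaces a forwarded agent socket in an incoming SSH session; `if [ -z "$SSH_AUTH_SOCK" ]; then export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket); fi` keeps an existing one. The `enableSSHSupport` description should also state whether `enable-ssh-support` must still be set in the user's gpg-agent.conf, since nothing visible here passes that option to the agent.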