From c5e919a2dcdd4f6e664dcca4bcdc198574a9da03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?=
Date: Mon, 8 Aug 2022 21:16:45 -0300
Subject: [PATCH] add gpg auto-unlock

---
 scripts/_gpg-unlock.nix | 30 +++++++++++++++++++++++++++++
 scripts/default.nix | 1 +
 user/gpg.nix | 42 +++++++++++++++++++++++++++++++++++++++++
 user/home.nix | 2 ++
 4 files changed, 75 insertions(+)
 create mode 100644 scripts/_gpg-unlock.nix
 create mode 100644 user/gpg.nix

diff --git a/scripts/_gpg-unlock.nix b/scripts/_gpg-unlock.nix
new file mode 100644
index 0000000..b2eb444
--- /dev/null
+++ b/scripts/_gpg-unlock.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+pkgs.writeShellScriptBin "_gpg-unlock" ''
+ ${pkgs.gnupg}/bin/gpg-connect-agent reloadagent /bye
+
+ set -xe
+
+ test -f "$HOME/.config/.preset-password" || {
+ notify-send "No preset password found"
+ exit 0;
+ }
+
+ get_keygrip() {
+ ${pkgs.gnupg}/bin/gpg --list-secret-keys --with-keygrip |
+ awk '
+ /^ssb/ {
+ ssb=1
+ }
+ /Keygrip/{
+ if (ssb) print $3
+ }'
+ }
+
+ keygrip=$(get_keygrip)
+
+ test -n "$keygrip" || exit 0
+
+ cat "$HOME/.config/.preset-password" |
+ base64 -d |
+ ${pkgs.gnupg}/libexec/gpg-preset-passphrase --preset "$keygrip"
+''
diff --git a/scripts/default.nix b/scripts/default.nix
index 712700c..dd1e5a8 100644
--- a/scripts/default.nix
+++ b/scripts/default.nix
@@ -6,4 +6,5 @@
 terminal = import ./terminal.nix { inherit config pkgs lib; };
 wpass = import ./wpass.nix { inherit config pkgs lib; };
 screenshotsh = import ./screenshotsh.nix { inherit config pkgs lib; };
+ _gpg-unlock = import ./_gpg-unlock.nix { inherit config pkgs lib; };
 })
diff --git a/user/gpg.nix b/user/gpg.nix
new file mode 100644
index 0000000..560cec5
--- /dev/null
+++ b/user/gpg.nix
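Review bot: get_keygrip prints the keygrip of every line after the first `ssb` entry (the `ssb` flag is never reset), so a key with two or more subkeys leaves `$keygrip` holding several lines and `gpg-preset-passphrase --preset "$keygrip"` receives one argument with embedded newlines, which the `test -n` guard does not catch. Iterating over the keygrips, as below, presets each subkey and makes the `test -n` line unnecessary. Separately, `gpg-connect-agent reloadagent` at the top is the SIGHUP equivalent and, as far as I recall, flushes all cached passphrases before this one is re-preset; since the timer in user/gpg.nix runs this script every 30 seconds, any passphrase cached interactively for another key would be dropped on each run, so either drop the reload or add a comment saying why it is needed. Note also that `.preset-password` is only base64-encoded, so the passphrase is effectively stored in clear on disk; a comment next to the `test -f` line stating that and that the file must be mode 0600 would help the next reader.
```nix
  # … unchanged: get_keygrip definition …

  for keygrip in $(get_keygrip); do
    base64 -d < "$HOME/.config/.preset-password" |
    ${pkgs.gnupg}/libexec/gpg-preset-passphrase --preset "$keygrip"
  done
```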
@@ -0,0 +1,42 @@
+{ config, pkgs, lib, ... }: {
+ config = {
+ services.gpg-agent = {
+ enable = true;
+ defaultCacheTtl = 604800;
+ maxCacheTtl = 604800;
+ pinentryFlavor = "gtk2";
+ extraConfig = ''
+ allow-preset-passphrase
+ allow-loopback-pinentry
+ pinentry-mode loopback
+ '';
+ };
+ systemd.user.services = {
+ gpg_unlock = {
+ Unit = {
+ Description = "Unlock gpg keyring";
+ PartOf = [ "graphical-session.target" ];
+ After = [ "graphical-session.target" ];
+ };
+ Service = {
+ ExecStart = "${pkgs._gpg-unlock}/bin/_gpg-unlock";
+ };
+ };
+ };
+ systemd.user.timers = {
+ gpg_unlock = {
+ Unit = {
+ Description = "Unlock gpg keyring";
+ PartOf = [ "graphical-session.target" ];
+ After = [ "graphical-session.target" ];
+ };
+ Timer = {
+ OnBootSec = "30";
+ OnUnitActiveSec = "30";
+ Unit = "gpg_unlock.service";
+ };
+ };
+ };
+
+ };
+}
diff --git a/user/home.nix b/user/home.nix
index 8a5b57d..a8cc3d1 100644
--- a/user/home.nix
+++ b/user/home.nix
@@ -17,6 +17,7 @@ in {
 ./sway.nix
 ./git.nix
 ./qutebrowser
+ ./gpg.nix
 ];
 # Home Manager needs a bit of information about you and the
 # paths it should manage.
@@ -54,6 +55,7 @@ in {
 libnotify
 wpass
 screenshotsh
+ _gpg-unlock
 # media
 yt-dlp
 ffmpeg
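Review bot: The `gpg_unlock` timer has no `Install` section, so as written nothing pulls it in and it will not fire unless something else starts it; it needs e.g. `Install = { WantedBy = [ "timers.target" ]; };` (or `graphical-session.target`, given the `PartOf`), and the service could carry the same `Install.WantedBy` if it is meant to run once at session start. `pinentry-mode loopback` in `extraConfig` is, as far as I know, a gpg client option rather than a gpg-agent one, so I would expect gpg-agent to reject it when parsing its config; if loopback is wanted it belongs in gpg.conf, while `allow-loopback-pinentry` is the agent-side part and is fine here. The 30-second `OnUnitActiveSec` re-runs the unlock script continuously; a short comment in the Timer block saying why a periodic retry is needed rather than a one-shot at session start would help, since combined with a week-long `defaultCacheTtl` the intent is not obvious from the unit alone.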