initial commit

docs/modules/home/gpg.md

@@ -0,0 +1,51 @@
+# GPG
+
+This module sets some defaults for gpg, mainly to let your gpg-agent handle ssh keys.
+
+View the [*synix* Home Manager module on Forgejo](https://git.sid.ovh/sid/synix/tree/master/modules/home/gpg).
+
+## SSH Setup
+
+### GPG
+
+You need a GPG authentication subkey. Follow the steps below to create one. If you already have a GPG key, skip to step 2.
+
+#### 1. Generate a new GPG key
+
+```sh
+gpg --full-gen-key --allow-freeform-uid
+```
+
+1. Select `1` as the type of key.
+1. Select `4096` for the keysize.
+1. Select `0` to choose 'Never expire'.
+1. Enter your name, email address, and a comment (if you want). Select `0` for 'Okay'.
+
+#### 2. Create an authentication subkey
+
+```sh
+gpg --expert --edit-key KEY-ID
+```
+
+1. At the new `gpg>` prompt, enter: `addkey`
+1. When prompted, enter your passphrase.
+1. When asked for the type of key you want, select: (8) RSA (set your own capabilities).
+1. Enter `S` to toggle the ‘Sign’ action off.
+1. Enter `E` to toggle the ‘Encrypt’ action off.
+1. Enter `A` to toggle the ‘Authenticate’ action on. The output should now include Current allowed actions: Authenticate, with nothing else on that line.
+1. Enter `Q` to continue.
+1. When asked for a keysize, choose `4096`.
+1. Select `0` to choose 'Never expire'.
+1. Once the key is created, enter `quit` to leave the gpg prompt, and `y` at the prompt to save changes.
+
+### HM config
+
+```nix
+imports = [
+  inputs.synix.homeModules.gpg
+];
+
+services.gpg-agent.sshKeys = [ "YOUR_AUTH_SUBKEY_KEYGRIP" ];
+```
+
+> Get the keygrip of your authentication subkey with: `gpg -K --with-keygrip`