sid/synix
1
0
Fork 0
Code Issues 7 Pull requests 1 Projects Activity Actions
synix/docs/modules/home/gpg.md
sid 95a533c876
All checks were successful
Deploy docs / build-and-deploy (push) Successful in 3s
Details
initial commit
2026-02-23 20:34:35 +01:00

1.5 KiB
Raw Blame History

GPG

This module sets some defaults for gpg, mainly to let your gpg-agent handle ssh keys.

View the synix Home Manager module on Forgejo.

SSH Setup

GPG

You need a GPG authentication subkey. Follow the steps below to create one. If you already have a GPG key, skip to step 2.

1. Generate a new GPG key

gpg --full-gen-key --allow-freeform-uid
  1. Select 1 as the type of key.
  2. Select 4096 for the keysize.
  3. Select 0 to choose 'Never expire'.
  4. Enter your name, email address, and a comment (if you want). Select 0 for 'Okay'.

2. Create an authentication subkey

gpg --expert --edit-key KEY-ID
  1. At the new gpg> prompt, enter: addkey
  2. When prompted, enter your passphrase.
  3. When asked for the type of key you want, select: (8) RSA (set your own capabilities).
  4. Enter S to toggle the Sign action off.
  5. Enter E to toggle the Encrypt action off.
  6. Enter A to toggle the Authenticate action on. The output should now include Current allowed actions: Authenticate, with nothing else on that line.
  7. Enter Q to continue.
  8. When asked for a keysize, choose 4096.
  9. Select 0 to choose 'Never expire'.
  10. Once the key is created, enter quit to leave the gpg prompt, and y at the prompt to save changes.

HM config

imports = [
  inputs.synix.homeModules.gpg
];

services.gpg-agent.sshKeys = [ "YOUR_AUTH_SUBKEY_KEYGRIP" ];

Get the keygrip of your authentication subkey with: gpg -K --with-keygrip