From 3e96a4c5884e1f08ff30f6e67ccf655022242402 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Fri, 7 Jan 2022 18:48:02 +0100
Subject: forward.vidhar

---
 accounts/gkleen@sif/ssh-hosts.nix | 16 ++++++++++++++++
 accounts/gkleen@vidhar.nix        |  8 ++++++++
 2 files changed, 24 insertions(+)

(limited to 'accounts')

diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index 339d085a..ed8e9a1a 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -248,6 +248,22 @@
     { hostname = "vidhar.yggdrasil";
       identityFile = "~/.ssh/gkleen@sif.midgard.yggdrasil";
     };
+  "forward.vidhar" =
+    { hostname = "vidhar.yggdrasil";
+      forwardAgent = true;
+      remoteForwards = [
+        { host = { address = "/run/user/1000/gnupg/S.gpg-agent"; };
+          bind = { address = "/run/user/1000/gnupg/S.gpg-agent"; };
+        }
+        { host = { address = "/run/user/1000/gnupg/S.gpg-agent.extra"; };
+          bind = { address = "/run/user/1000/gnupg/S.gpg-agent.extra"; };
+        }
+      ];
+      extraOptions = {
+        StreamLocalBindUnlink = "yes";
+        ExitOnForwardFailure = "yes";
+      };
+    };
   "init.vidhar" =
     { hostname = "10.141.0.1";
       user = "root";
diff --git a/accounts/gkleen@vidhar.nix b/accounts/gkleen@vidhar.nix
index eba25692..c73faa96 100644
--- a/accounts/gkleen@vidhar.nix
+++ b/accounts/gkleen@vidhar.nix
@@ -10,5 +10,13 @@
         "command=\"${pkgs.unison}/bin/unison -server\",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4izEz5pEjJqFLeJewHCoqtskqA+olKZNEP1yZWK7Ui gkleen@sif"
       ];
     };
+
+    home-manager.users.${userName} = {
+      file = {
+        ".config/user-tmpfiles.d/gnupg.conf".text = ''
+          d /run/user/${config.users.users.${userName}.uid}/gnupg 0700 ${userName} ${config.users.users.${userName}.group} -
+        '';
+      };
+    };
   };
 }
-- 
cgit v1.2.3