From f83c49baa3cf4de627bcfd3c70730478aaa3998a Mon Sep 17 00:00:00 2001
From: Kai Wohlfahrt
Date: Tue, 18 Jun 2019 12:59:40 +0100
Subject: [PATCH] gpg-agent: add sshcontrol configuration
This lets gpg-agent serve specific keys with authentication capability as SSH keys
---
 modules/services/gpg-agent.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/modules/services/gpg-agent.nix b/modules/services/gpg-agent.nix
index c4c045e50..5dc942fef 100644
--- a/modules/services/gpg-agent.nix
+++ b/modules/services/gpg-agent.nix
@@ -70,6 +70,14 @@ in
 '';
 };
+ sshKeys = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = null;
+ description = ''
+ Which GPG keys (by keygrip) to expose as SSH keys.
+ '';
+ };
+
 enableExtraSocket = mkOption {
 type = types.bool;
 default = false;
@@ -157,6 +165,11 @@ in
 programs.zsh.initExtra = gpgInitStr;
 }
+ (mkIf (cfg.sshKeys != null) {
+ # Trailing newlines are important
+ home.file.".gnupg/sshcontrol".text = concatMapStrings (s: "${s}\n") cfg.sshKeys;
+ })
+
 # The systemd units below are direct translations of the
 # descriptions in the
 #
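Review bot: The new `sshKeys` option accepts any string (`types.listOf types.str`), and the second hunk writes each entry verbatim as one line of `sshcontrol`, so a mistyped keygrip or an entry containing a newline or a leading `!` silently changes which keys the agent offers for SSH authentication. If per-entry TTL or flags are not meant to be supported here, an element type such as `types.strMatching "[0-9A-Fa-f]{40}"` would reject malformed entries at evaluation time. The description should also say how to obtain a keygrip, for example `Keygrips are shown by gpg --list-secret-keys --with-keygrip.`, and the option would benefit from an `example` holding an obviously fake keygrip. The surrounding option set starts and ends outside the hunk.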
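Review bot: The `mkIf` block manages `.gnupg/sshcontrol` through `home.file`, which as far as I know makes it a read-only link into the Nix store, so the agent can no longer append to it when a key is added with `ssh-add`. Pinning the exposed keys this way is a reasonable least-privilege default, but it should be stated in the `sshKeys` description so users are not surprised by the failure. The path is also hard-coded relative to the home directory, so a GnuPG home selected elsewhere through `GNUPGHOME` would presumably not see this file. The comment `# Trailing newlines are important` would help more if it gave the reason, e.g. `# every sshcontrol entry, including the last, must end in a newline` (to be confirmed against the agent's parser). The enclosing list of config fragments starts and ends outside the hunk.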