authorAlan Pearce2017-02-22 10:28:31 +0100
committerAlan Pearce2017-02-22 10:28:31 +0100
commit8ea44e87da66487793cd8cf886d1ded87d124d1f (patch)
tree4fe9a7d4a95bcc8b7ccaeb063c2048e8eae7b4c9
parent24ec8ea3b03d84b22b25ebd895abc0e9ef07dfa5 (diff)
Add system for loading extra encrypted configuration
-rw-r--r--tag-emacs/emacs.d/init.org53
1 files changed, 53 insertions, 0 deletions
diff --git a/tag-emacs/emacs.d/init.org b/tag-emacs/emacs.d/init.org
index cf71075..9a8c298 100644
--- a/tag-emacs/emacs.d/init.org
+++ b/tag-emacs/emacs.d/init.org
@@ -1251,6 +1251,59 @@ rather useful.
 (bind-key* "C-x r M-w" #'copy-rectangle)
 #+END_SRC
 
+** Auxillary Configuration
+
+#+BEGIN_SRC emacs-lisp
+;; (require 'pinentry)
+;; (require 'epa)
+
+(defvar have-private-key
+  (file-exists-p (expand-file-name "secring.gpg" "~/.gnupg/")))
+
+(defvar gpg-agent-ssh-sock
+  (or (getenv "GPG_AGENT_INFO")
+      (concat "/run/user/" (number-to-string (user-uid)) "/gnupg/S.gpg-agent.ssh")))
+
+(defun read-gpg-file (file)
+  (let ((file-to-decrypt (expand-file-name file user-emacs-directory))
+	(ctx (epg-make-context epa-protocol)))
+    (if (file-exists-p file-to-decrypt)
+	(epg-decrypt-file ctx file-to-decrypt nil)
+      (message "Decrypting %s...failed" file-to-decrypt)
+      (error "File %s does not exist" file-to-decrypt))))
+
+(defun load-gpg (file)
+  (if have-private-key
+      (load file)
+    (message "WARNING: Couldn't load %s (No gpg key found)" file)))
+
+; load this in a post-frame hook because gpg-agent asks for a password on first
+; startup and caches it. Don't want emacs daemon to hang because of gpg-agent.
+(defun load-private-data ()
+  (interactive)
+  (if (not have-private-key)
+      (message "ERROR: Private GPG key not found")
+    (unless (getenv "GPG_AGENT_INFO")
+      (start-process "gpg-agent" nil "gpg-agent" "--daemon")
+      (setenv "SSH_AUTH_SOCK" gpg-agent-ssh-sock))
+    (setq password-cache-expiry nil
+          pinentry--socket-dir temporary-file-directory)
+    (unless (file-exists-p (concat pinentry--socket-dir "pinentry"))
+      (pinentry-start)
+      (add-hook 'kill-emacs-hook 'pinentry-stop))
+    (add-to-list 'load-suffixes ".el.gpg")
+    (load-gpg "private")
+    (kill-buffer "*Pinentry*")))
+
+(defun first-frame-hook (frame)
+  (remove-hook 'after-make-frame-functions 'first-frame-hook)
+  (run-at-time nil nil 'load-private-data))
+
+(add-hook 'after-make-frame-functions 'first-frame-hook)
+#+END_SRC
+
+
+
 * Minibuffer
 
 Sometimes I want to use the minibuffer, but I’m already inside it.
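Review bot: In `load-private-data`, `pinentry--socket-dir` is set to `temporary-file-directory`, which on most systems is a shared, world-writable directory, so both the passphrase socket and the `file-exists-p` guard depend on a path where other local users can create entries; a pre-existing file named `pinentry` there makes the guard skip `pinentry-start`. Keeping the socket in a directory only the user can write to avoids this, for example by dropping that assignment and leaving the package's own default in place (the default is not visible in this hunk, so confirm it matches what gpg's pinentry looks for), and by building the path with `(expand-file-name "pinentry" pinentry--socket-dir)` instead of `concat`. Separately, `password-cache-expiry nil` turns off expiry of cached passwords for the whole session; a finite value would bound how long they stay in memory. `load-gpg` calls `(load file)` with a bare name, which searches `load-path` and evaluates the first match, and decryption alone does not show who wrote the file; `(load (expand-file-name file user-emacs-directory))` would pin it to the directory `read-gpg-file` already uses.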