From deebde0386845f9c303f2b6193602d9553e809f6 Mon Sep 17 00:00:00 2001
From: Till <till@ktiu.net>
Date: Sun, 18 Jan 2026 00:24:58 +0100
Subject: [PATCH] mail and password store

---
 home/mail/default.nix     | 12 ++++++++++--
 home/mail/smime.neomuttrc |  6 +++---
 home/minimal.nix          |  1 +
 home/password-store.nix   | 14 ++++++++++++++
 home/slim-desktop.nix     |  2 +-
 system/gnome.nix          |  1 -
 6 files changed, 29 insertions(+), 7 deletions(-)
 create mode 100644 home/password-store.nix

diff --git a/home/mail/default.nix b/home/mail/default.nix
index 3ce7cc3..af5d2a5 100644
--- a/home/mail/default.nix
+++ b/home/mail/default.nix
@@ -95,8 +95,13 @@
         userName = "till.straube@t9e.me";
         signature.text = ''
           Till Straube (he/him)
+          PGP key: https://keys.openpgp.org/search?q=till.straube@t9e.me
         '';
         signature.showSignature = "append";
+        gpg = {
+          key = "5FA6782F543D12ED07110780BA1B73F10BABF8E3";
+          signByDefault = true;
+        };
         neomutt = {
           enable = true;
           sendMailCommand = "/home/till/.nix-profile/bin/msmtp";
@@ -104,11 +109,14 @@
             set my_mbsync_acct='t9e'
             set mbox='+Archive'
             set my_junk='+Junk'
-            unset crypt_auto_pgp
+
+            set crypt_auto_pgp
             unset crypt_auto_smime
+
             unalternates *
             alternates @t9e.me$
             set reverse_name
+
             set my_signature = ${
               pkgs.writeText
                 "signature.txt"
@@ -136,7 +144,7 @@
         userName = "till";
         signature.text = ''
           Till Straube (he/him)
-          PGP: https://keys.openpgp.org/search?q=till@ktiu.net
+          PGP key: https://keys.openpgp.org/search?q=till@ktiu.net
         '';
         signature.showSignature = "append";
         gpg = {
diff --git a/home/mail/smime.neomuttrc b/home/mail/smime.neomuttrc
index 7426dd3..60f57e5 100644
--- a/home/mail/smime.neomuttrc
+++ b/home/mail/smime.neomuttrc
@@ -1,7 +1,7 @@
 # Locations
-set smime_ca_location="~/.keys/neomutt/smime/ca"
-set smime_certificates="~/.keys/neomutt/smime/public"
-set smime_keys="~/.keys/neomutt/smime/private"
+# set smime_ca_location="~/.keys/neomutt/smime/ca"
+# set smime_certificates="~/.keys/neomutt/smime/public"
+# set smime_keys="~/.keys/neomutt/smime/private"
 
 # Commands (smime_keys)
 set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out"
diff --git a/home/minimal.nix b/home/minimal.nix
index e526dda..2066538 100644
--- a/home/minimal.nix
+++ b/home/minimal.nix
@@ -40,6 +40,7 @@
   imports = [
     ./fish.nix
     ./tmux
+    ./password-store.nix
     ./vifm
     ./nvim
   ];
diff --git a/home/password-store.nix b/home/password-store.nix
new file mode 100644
index 0000000..3b92f54
--- /dev/null
+++ b/home/password-store.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{
+  # services.gnome.gnome-keyring.enable = lib.mkForce false;
+  # services.gnome.gnome-keyring.enable = false;
+  services.pass-secret-service.enable = true;
+
+  programs.password-store = {
+    enable = true;
+    settings = {
+      PASSWORD_STORE_DIR = "$XDG_DATA_HOME/crypto/password-store";
+    };
+  };
+}
diff --git a/home/slim-desktop.nix b/home/slim-desktop.nix
index 266a2d6..bfe747b 100644
--- a/home/slim-desktop.nix
+++ b/home/slim-desktop.nix
@@ -66,7 +66,7 @@
     ./calendars.nix
     ./foot.nix
     ./mail
-    ./openconnect.nix
+    # ./openconnect.nix
   ];
 
   programs.taskwarrior = {
diff --git a/system/gnome.nix b/system/gnome.nix
index fa850aa..e866bb8 100644
--- a/system/gnome.nix
+++ b/system/gnome.nix
@@ -24,7 +24,6 @@
   ];
 
   services.gnome.gnome-browser-connector.enable = true;
-  # services.gnome.gnome-keyring.enable = lib.mkForce false;
 
   programs.kdeconnect = {
     enable = true;