author: sommerfeld <[email protected]> 2026-04-17 14:47:34 +0100
committer: sommerfeld <[email protected]> 2026-04-17 14:47:34 +0100
commit: 644785859ac960c0da64016065a800bf660ffbcf (patch)
tree: 503139e3804cb19c277a2179dd6d0c4ff6efa2a4 /home/.gnupg/sshcontrol
parent: 8fadfc96e378886aa5e9d3ddf82bb7913c0cf0e4 (diff)
refactor: revert GNUPGHOME to default ~/.gnupg

Drop custom GNUPGHOME=~/.local/share/gnupg which required 6 systemd
socket/service overrides with hardcoded directory hashes. GnuPG
periodically changes its hash algorithm on updates, silently breaking
systemd socket activation and pam-gnupg passphrase presetting.

With default GNUPGHOME, stock systemd units work out of the box.

- Move gpg.conf, gpg-agent.conf, sshcontrol to home/.gnupg/
- Delete all gpg-agent socket/service/dirmngr override dirs
- Remove GNUPGHOME from .zprofile, .pam_environment, pam-gnupg
- Remove GNUPGHOME from vdirsyncer and bridge service overrides

Diffstat (limited to 'home/.gnupg/sshcontrol')
-rw-r--r-- home/.gnupg/sshcontrol 17
1 files changed, 17 insertions, 0 deletions
diff --git a/home/.gnupg/sshcontrol b/home/.gnupg/sshcontrol
new file mode 100644
index 0000000..9197976
--- /dev/null
+++ b/home/.gnupg/sshcontrol
@@ -0,0 +1,17 @@
+# List of allowed ssh keys. Only keys present in this file are used
+# in the SSH protocol. The ssh-add tool may add new entries to this
+# file to enable them; you may also add them manually. Comment
+# lines, like this one, as well as empty lines are ignored. Lines do
+# have a certain length limit but this is not serious limitation as
+# the format of the entries is fixed and checked by gpg-agent. A
+# non-comment line starts with optional white spaces, followed by the
+# keygrip of the key given as 40 hex digits, optionally followed by a
+# caching TTL in seconds, and another optional field for arbitrary
+# flags. Prepend the keygrip with an '!' mark to disable it.
+
+91191A4A6E86279A901A7D38A7512EC126518FA5
+22747ABA1B4502F186654CD84DC353B0C3BD353F
+9F3FCCA0F99AE1C5D05B834F0E89C79970A7B74A
+5E9259E1EFFFB85520F62A5C31C97033C1DEDBD8
+515584E3A76C03EEA4A563156882938003FBEC90
+E843F385FEEAE6CA2E1B9A67796241FDA5423CA3
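
Review bot: The six keygrips at the end of the new file are enabled with nothing saying which key each one is, so an entry cannot be audited or retired without looking every grip up against the keyring. Add a comment line above each entry naming the key and its purpose (the header states comment lines are ignored), and disable retired keys with the '!' prefix the header describes rather than leaving them active. None of the entries sets the optional caching TTL field, so all six fall back to the agent's default; if any of these keys warrants a shorter cache lifetime, set it per entry here.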