]> Git — Sourcephile - julm/julm-nix.git/blob - homes/softwares/gnupg.nix
patate: add backup
[julm/julm-nix.git] / homes / softwares / gnupg.nix
1 { pkgs, lib, config, ... }:
2 {
3 home.activation.gnupg = lib.hm.dag.entryAfter ["writeBoundary"] ''
4 install -d -m700 ${lib.escapeShellArg config.home.homeDirectory}/.gnupg
5 '';
6 home.file.".gnupg/dirmngr.conf".text = ''
7 allow-ocsp
8 hkp-cacert ${gnupg/keyserver.pem}
9 keyserver hkps://keys.mayfirst.org
10 #use-tor
11 #log-file dirmngr.log
12 #standard-resolver
13 '';
14 services.gpg-agent = {
15 enableSshSupport = true;
16 pinentryFlavor = if config.host.desktop then "gtk2" else "curses";
17 };
18 programs.gpg.settings = {
19 #auto-key-locate = "keyserver";
20 auto-key-locate = false;
21 cert-digest-algo = "SHA512";
22 charset = "utf-8";
23 default-keyring = false;
24 default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 TWOFISH BZIP2 ZLIB ZIP Uncompressed";
25 emit-version = false;
26 fixed-list-mode = true;
27 keyid-format = "0xlong";
28 keyserver-options = "no-honor-keyserver-url";
29 personal-cipher-preferences = "AES256 AES CAST5";
30 personal-digest-preferences = "SHA512";
31 quiet = true;
32 s2k-cipher-algo = "AES256";
33 s2k-count = "65536";
34 s2k-digest-algo = "SHA512";
35 s2k-mode = "3";
36 tofu-default-policy = "unknown";
37 trust-model = "tofu+pgp";
38 #with-fingerprint = [ true true ];
39 use-agent = true;
40 utf8-strings = true;
41 };
42 }