]> Git — Sourcephile - julm/julm-nix.git/blob - homes/softwares/gnupg.nix
patate: add wg-intra privateKey
[julm/julm-nix.git] / homes / softwares / gnupg.nix
1 { pkgs, lib, config, options, ... }:
2 {
3 config = {
4 /*
5 home.activation.gnupg = lib.hm.dag.entryAfter ["writeBoundary"] ''
6 install -d -m700 ${lib.escapeShellArg config.programs.gpg.homedir}
7 '';
8 */
9 services.gpg-agent = {
10 enableSshSupport = true;
11 enableExtraSocket = true;
12 pinentryFlavor = if config.host.desktop then "gtk2" else "curses";
13 };
14 programs.gpg.settings = {
15 #auto-key-locate = "keyserver";
16 auto-key-locate = false;
17 cert-digest-algo = "SHA512";
18 charset = "utf-8";
19 default-keyring = false;
20 default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 TWOFISH BZIP2 ZLIB ZIP Uncompressed";
21 emit-version = false;
22 fixed-list-mode = true;
23 keyid-format = "0xlong";
24 keyserver-options = "no-honor-keyserver-url";
25 personal-cipher-preferences = "AES256 AES CAST5";
26 personal-digest-preferences = "SHA512";
27 quiet = true;
28 s2k-cipher-algo = "AES256";
29 s2k-count = "65536";
30 s2k-digest-algo = "SHA512";
31 s2k-mode = "3";
32 tofu-default-policy = "unknown";
33 trust-model = "tofu+pgp";
34 #with-fingerprint = [ true true ];
35 use-agent = true;
36 utf8-strings = true;
37 };
38 home.file."${config.programs.gpg.homedir}/dirmngr.conf".text = ''
39 allow-ocsp
40 hkp-cacert ${gnupg/keyserver.pem}
41 keyserver hkps://keys.mayfirst.org
42 #use-tor
43 #log-file dirmngr.log
44 #standard-resolver
45 '';
46 } // lib.optionalAttrs (options ? "nixpkgs") {
47 nixpkgs.overlays = [ (self: super: {
48 # Avoid rebuilding graphical dependencies
49 # when using Nixpkgs PRs rebuilding them.
50 # See https://github.com/NixOS/nixpkgs/issues/96306#issuecomment-722140002
51 pinentry = super.pinentry.override {
52 enabledFlavors = [ "curses" "tty" ] ++ lib.optional config.host.desktop "gtk2";
53 };
54 }) ];
55 };
56 }