avoid building graphical packages on servers
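# Home Manager module for GnuPG: restricts which pinentry flavors are built,
# ensures ~/.gnupg is owner-only, points dirmngr at one hkps keyserver and
# sets gpg.conf defaults.
{ pkgs, lib, config, ... }:
{
  nixpkgs.overlays = [ (self: super: {
    # Avoid rebuilding graphical dependencies
    # when using Nixpkgs PRs rebuilding them.
    # See https://github.com/NixOS/nixpkgs/issues/96306#issuecomment-722140002
    # The gtk2 flavor is only added when config.host.desktop is true, so
    # servers build the terminal-only flavors.
    pinentry = super.pinentry.override {
      enabledFlavors = [ "curses" "tty" ] ++ lib.optional config.host.desktop "gtk2";
    };
  }) ];

  # Ensure ~/.gnupg exists with mode 0700 (owner-only access).
  # The home directory path is shell-escaped before it reaches the script.
  home.activation.gnupg = lib.hm.dag.entryAfter ["writeBoundary"] ''
    install -d -m700 ${lib.escapeShellArg config.home.homeDirectory}/.gnupg
  '';

  # dirmngr talks to a single keyserver over hkps; hkp-cacert supplies the
  # root certificate (shipped next to this file as gnupg/keyserver.pem) used
  # to verify that server's TLS certificate. use-tor is left commented out,
  # so keyserver lookups are not routed through Tor and the keyserver sees
  # the client's address.
  home.file.".gnupg/dirmngr.conf".text = ''
    allow-ocsp
    hkp-cacert ${gnupg/keyserver.pem}
    keyserver hkps://keys.mayfirst.org
    #use-tor
    #log-file dirmngr.log
    #standard-resolver
  '';

  # gpg-agent also serves as the SSH agent, so keys it holds can be used for
  # SSH authentication.
  # NOTE(review): services.gpg-agent.enable is not set in this file;
  # presumably it is enabled elsewhere; confirm.
  services.gpg-agent = {
    enableSshSupport = true;
    pinentryFlavor = "curses";
  };

  # NOTE(review): a boolean `false` below presumably leaves the option out of
  # the generated gpg.conf (overriding any module default) rather than
  # emitting a "no-" form; confirm against the Home Manager version in use.
  programs.gpg.settings = {
    #auto-key-locate = "keyserver";
    # No automatic key lookup when encrypting to an unknown address.
    auto-key-locate = false;
    cert-digest-algo = "SHA512";
    charset = "utf-8";
    default-keyring = false;
    # NOTE(review): CAST5 is a 64-bit block cipher; it appears here and in
    # personal-cipher-preferences as a last choice. Consider dropping it if
    # no correspondent still needs it.
    default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 TWOFISH BZIP2 ZLIB ZIP Uncompressed";
    emit-version = false;
    fixed-list-mode = true;
    # Show 64-bit key IDs; short 32-bit IDs are easy to collide.
    keyid-format = "0xlong";
    # Ignore the preferred-keyserver URL embedded in a key, so refreshes only
    # contact the keyserver configured for dirmngr.
    keyserver-options = "no-honor-keyserver-url";
    personal-cipher-preferences = "AES256 AES CAST5";
    personal-digest-preferences = "SHA512";
    quiet = true;
    # The s2k-* options control passphrase stretching for symmetric
    # encryption (gpg -c).
    s2k-cipher-algo = "AES256";
    # Iteration count for the iterated+salted S2K (mode 3). Raised from 65536
    # to the largest value gpg accepts: a low count makes offline passphrase
    # guessing against symmetrically encrypted files cheap. Decryption is
    # unaffected, since the count is stored in the message.
    s2k-count = "65011712";
    s2k-digest-algo = "SHA512";
    s2k-mode = "3";
    # TOFU combined with the web of trust; a key/address binding seen for the
    # first time gets policy "unknown" rather than being trusted automatically.
    tofu-default-policy = "unknown";
    trust-model = "tofu+pgp";
    #with-fingerprint = [ true true ];
    use-agent = true;
    utf8-strings = true;
  };
}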