shell/configuration/gnupg.nix

   1 {config, ...}:
   2 {
   3   config = {
   4     gnupg = {
   5       enable = true;
   6       dir.var = toString ../../../sec/gnupg;
   7       keys = {
   8         "Julien Moutinho <julm@sourcephile.fr>" = {
   9           uid = "Julien Moutinho <julm@sourcephile.fr>";
  10           algo   = "rsa4096";
  11           expire = "3y";
  12           usage  = ["cert" "sign"];
  13           passPath = "julm/gpg/julm@sourcephile.fr";
  14           subKeys = [
  15             { algo = "rsa4096"; expire = "3y"; usage = ["sign"];}
  16             { algo = "rsa4096"; expire = "3y"; usage = ["encrypt"];}
  17             { algo = "rsa4096"; expire = "3y"; usage = ["auth"];}
  18             ];
  19           backupRecipients = [""];
  20         };
  21       };
  22     };
  23   };
  24 }