author | Azat Bahawi <azat@bahawi.net> | 2024-04-21 02:15:42 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2024-04-21 02:15:42 +0300 |
commit | e6ed60548397627bf10f561f9438201dbba0a36e (patch) | |
tree | f9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/gnupg.nix | |
parent | 2024-04-18 (diff) |
2024-04-21
Diffstat (limited to '')
-rw-r--r-- | modules/gnupg.nix | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/modules/gnupg.nix b/modules/gnupg.nix
new file mode 100644
index 0000000..69a10e3
--- /dev/null
+++ b/modules/gnupg.nix
@@ -0,0 +1,106 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.gnupg;
+in
+{
+ options.nixfiles.modules.gnupg = {
+ enable = mkEnableOption "GnuPG";
+ pinentry = mkOption {
+ description = "Name of a pinentry implementation.";
+ type = types.package;
+ default = pkgs.pinentry-curses;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ hm = {
+ programs.gpg = {
+ enable = true;
+
+ homedir = "${config.dirs.data}/gnupg";
+
+ settings =
+ {
+ display-charset = "utf-8";
+ enable-progress-filter = true;
+ fixed-list-mode = true;
+ keyid-format = "0xlong";
+ no-comments = true;
+ no-emit-version = true;
+ no-greeting = true;
+ with-fingerprint = true;
+ throw-keyids = false;
+
+ use-agent = true;
+
+ armor = true;
+
+ no-random-seed-file = true;
+
+ list-options = "show-uid-validity";
+ verify-options = "show-uid-validity";
+ }
+ // (
+ let
+ cipherAlgos = [
+ "AES256"
+ "AES192"
+ "AES"
+ ];
+ digestAlgos = [
+ "SHA512"
+ "SHA384"
+ "SHA256"
+ "SHA224"
+ ];
+ compressionAlgos = [
+ "ZLIB"
+ "BZIP2"
+ "ZIP"
+ "Uncompressed"
+ ];
+
+ cs = concatStringsSep " ";
+ in
+ {
+ default-preference-list = cs (cipherAlgos ++ digestAlgos ++ compressionAlgos);
+
+ personal-cipher-preferences = cs cipherAlgos;
+ personal-digest-preferences = cs digestAlgos;
+ personal-compress-preferences = cs compressionAlgos;
+
+ s2k-cipher-algo = head cipherAlgos;
+ s2k-digest-algo = head digestAlgos;
+
+ digest-algo = head digestAlgos;
+ cert-digest-algo = head digestAlgos;
+ }
+ );
+ };
+
+ services.gpg-agent = {
+ enable = true;
+
+ enableSshSupport = true;
+ enableScDaemon = false;
+
+ defaultCacheTtl = 999999;
+ defaultCacheTtlSsh = 999999;
+ maxCacheTtl = 999999;
+ maxCacheTtlSsh = 999999;
+
+ grabKeyboardAndMouse = true;
+
+ sshKeys = [ my.pgp.grip ];
+
+ pinentryPackage = cfg.pinentry;
+ };
+ };
+ };
+} |
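Review bot: The four cache TTLs in `services.gpg-agent` are all set to `999999` seconds (about eleven and a half days), so once a passphrase is entered the agent keeps the key unlocked for practically the whole login session, and with `enableSshSupport = true` that covers the SSH key listed in `sshKeys` as well. Any process running as the user that can reach the agent socket can then sign, decrypt or authenticate without a pinentry prompt. If that trade-off is intended, record it with a comment such as `# Deliberately long: unlock once per login session.`; otherwise set a finite ceiling, for example `maxCacheTtl = 28800;` and `maxCacheTtlSsh = 28800;`, or expose the TTL as a module option next to `pinentry`. Separately, the `pinentry` option is described as "Name of a pinentry implementation." while its type is `types.package`; `description = "Pinentry package to use.";` would match the type.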