about summary refs log tree commit diff
path: root/modules/gnupg.nix
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/gnupg.nix106
1 files changed, 106 insertions, 0 deletions
diff --git a/modules/gnupg.nix b/modules/gnupg.nix
new file mode 100644
index 0000000..69a10e3
--- /dev/null
+++ b/modules/gnupg.nix
@@ -0,0 +1,106 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.gnupg;
+in
+{
+  options.nixfiles.modules.gnupg = {
+    enable = mkEnableOption "GnuPG";
+    pinentry = mkOption {
+      description = "Name of a pinentry implementation.";
+      type = types.package;
+      default = pkgs.pinentry-curses;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    hm = {
+      programs.gpg = {
+        enable = true;
+
+        homedir = "${config.dirs.data}/gnupg";
+
+        settings =
+          {
+            display-charset = "utf-8";
+            enable-progress-filter = true;
+            fixed-list-mode = true;
+            keyid-format = "0xlong";
+            no-comments = true;
+            no-emit-version = true;
+            no-greeting = true;
+            with-fingerprint = true;
+            throw-keyids = false;
+
+            use-agent = true;
+
+            armor = true;
+
+            no-random-seed-file = true;
+
+            list-options = "show-uid-validity";
+            verify-options = "show-uid-validity";
+          }
+          // (
+            let
+              cipherAlgos = [
+                "AES256"
+                "AES192"
+                "AES"
+              ];
+              digestAlgos = [
+                "SHA512"
+                "SHA384"
+                "SHA256"
+                "SHA224"
+              ];
+              compressionAlgos = [
+                "ZLIB"
+                "BZIP2"
+                "ZIP"
+                "Uncompressed"
+              ];
+
+              cs = concatStringsSep " ";
+            in
+            {
+              default-preference-list = cs (cipherAlgos ++ digestAlgos ++ compressionAlgos);
+
+              personal-cipher-preferences = cs cipherAlgos;
+              personal-digest-preferences = cs digestAlgos;
+              personal-compress-preferences = cs compressionAlgos;
+
+              s2k-cipher-algo = head cipherAlgos;
+              s2k-digest-algo = head digestAlgos;
+
+              digest-algo = head digestAlgos;
+              cert-digest-algo = head digestAlgos;
+            }
+          );
+      };
+
+      services.gpg-agent = {
+        enable = true;
+
+        enableSshSupport = true;
+        enableScDaemon = false;
+
+        defaultCacheTtl = 999999;
+        defaultCacheTtlSsh = 999999;
+        maxCacheTtl = 999999;
+        maxCacheTtlSsh = 999999;
+
+        grabKeyboardAndMouse = true;
+
+        sshKeys = [ my.pgp.grip ];
+
+        pinentryPackage = cfg.pinentry;
+      };
+    };
+  };
+}

Consider giving Nix/NixOS a try! <3