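# Home-manager GnuPG setup: gpg client settings plus a gpg-agent that also
# acts as the SSH agent. Everything is gated behind
# `nixfiles.modules.gnupg.enable`.
{
  config,
  lib,
  pkgs,
  ...
}:
with lib;
let
  cfg = config.nixfiles.modules.gnupg;

  # Passphrase cache lifetime in seconds, used for all four agent TTLs below.
  # 999999 s is roughly 11.5 days: once a key is unlocked, any process that
  # can talk to the agent can use it for that long without a new prompt.
  # NOTE(review): consider a shorter value on shared or less trusted hosts.
  cacheTtl = 999999;
in
{
  options.nixfiles.modules.gnupg = {
    enable = mkEnableOption "GnuPG";

    pinentry = mkOption {
      # The option is typed as a package and handed to
      # `services.gpg-agent.pinentryPackage`, so it is described as a package
      # rather than as a name.
      description = "Pinentry package used by gpg-agent.";
      type = types.package;
      default = pkgs.pinentry-curses;
    };
  };

  config = mkIf cfg.enable {
    # `hm` is not defined in this file; presumably a project alias for the
    # user's home-manager configuration. TODO confirm.
    hm = {
      programs.gpg = {
        enable = true;

        # Keyring and trust database live under the data directory instead of
        # the default home directory location.
        homedir = "${config.dirs.data}/gnupg";

        settings =
          {
            display-charset = "utf-8";
            enable-progress-filter = true;
            fixed-list-mode = true;
            # Long key IDs with a 0x prefix; short IDs are easy to collide.
            keyid-format = "0xlong";
            # Keep comment and version strings out of armored output.
            no-comments = true;
            no-emit-version = true;
            no-greeting = true;
            with-fingerprint = true;
            # Recipient key IDs stay visible in encrypted messages.
            throw-keyids = false;
            # NOTE(review): believed to be an ignored legacy option on
            # GnuPG 2.x, where the agent is always used. Confirm before
            # relying on it.
            use-agent = true;
            armor = true;
            no-random-seed-file = true;
            # Show UID validity so unvalidated identities stand out when
            # listing keys and verifying signatures.
            list-options = "show-uid-validity";
            verify-options = "show-uid-validity";
          }
          // (
            let
              # Ordered strongest first; the head of each list is also used
              # as the forced algorithm below.
              cipherAlgos = [
                "AES256"
                "AES192"
                "AES"
              ];
              digestAlgos = [
                "SHA512"
                "SHA384"
                "SHA256"
                "SHA224"
              ];
              compressionAlgos = [
                "ZLIB"
                "BZIP2"
                "ZIP"
                "Uncompressed"
              ];
              cs = concatStringsSep " ";
            in
            {
              default-preference-list = cs (cipherAlgos ++ digestAlgos ++ compressionAlgos);
              personal-cipher-preferences = cs cipherAlgos;
              personal-digest-preferences = cs digestAlgos;
              personal-compress-preferences = cs compressionAlgos;
              # Algorithms for passphrase-based (symmetric) protection.
              s2k-cipher-algo = head cipherAlgos;
              s2k-digest-algo = head digestAlgos;
              # NOTE(review): the gpg manual discourages forcing
              # `digest-algo`, since it overrides what recipients advertise;
              # `personal-digest-preferences` above already expresses the
              # same ordering. Kept as-is to preserve behaviour.
              digest-algo = head digestAlgos;
              cert-digest-algo = head digestAlgos;
            }
          );
      };

      services.gpg-agent = {
        enable = true;
        # The agent also answers SSH authentication requests for the keygrips
        # listed in `sshKeys`.
        enableSshSupport = true;
        # No smartcard daemon, so hardware tokens are not used by this setup.
        enableScDaemon = false;

        defaultCacheTtl = cacheTtl;
        defaultCacheTtlSsh = cacheTtl;
        maxCacheTtl = cacheTtl;
        maxCacheTtlSsh = cacheTtl;

        # Pinentry grabs input while prompting, which hinders other X clients
        # from snooping on the passphrase.
        grabKeyboardAndMouse = true;
        # `my` is not a module argument; presumably it resolves through
        # `with lib;` to a project extension of lib. TODO confirm.
        sshKeys = [ my.pgp.grip ];
        pinentryPackage = cfg.pinentry;
      };
    };
  };
}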