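# GnuPG module: writes a gpg.conf restricted to AES / SHA-2 algorithm
# preferences and runs gpg-agent (also acting as the SSH agent).
{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.gnupg;
in {
  options.nixfiles.modules.gnupg = {
    enable = mkEnableOption "GnuPG";

    pinentry = mkOption {
      description = "Name of a pinentry implementation.";
      type = types.str;
      # The value is passed to services.gpg-agent.pinentryFlavor below, so it
      # has to be a flavor name that option accepts. The GNOME flavor is
      # called "gnome3" in nixpkgs; the previous default "gnome" is not a
      # valid flavor and would fail evaluation on GNOME hosts.
      default = with config.nixfiles.modules;
        if kde.enable
        then "qt"
        else if gnome.enable
        then "gnome3"
        else "curses";
    };
  };

  config = mkIf cfg.enable {
    # NOTE(review): `hm` is presumably an alias for the home-manager user
    # configuration defined elsewhere in this repository; confirm.
    hm = {
      programs.gpg = {
        enable = true;

        settings =
          {
            display-charset = "utf-8";
            enable-progress-filter = true;
            fixed-list-mode = true;
            # Long key IDs plus fingerprints in listings: short IDs are
            # collision-prone and should not be used to identify keys.
            keyid-format = "0xlong";
            with-fingerprint = true;
            # Keep comments and the GnuPG version string out of armored output.
            no-comments = true;
            no-emit-version = true;
            no-greeting = true;
            throw-keyids = false;
            use-agent = true;
            armor = true;
            no-random-seed-file = true;
            # Show the computed validity of each user ID when listing and
            # verifying, so an untrusted key is visible as such.
            list-options = "show-uid-validity";
            verify-options = "show-uid-validity";
          }
          // (let
            # Ordered by preference; the first entry of each list is also used
            # for the single-algorithm options below.
            cipherAlgos = ["AES256" "AES192" "AES"];
            compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"];
            digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"];
            cs = concatStringsSep " ";
          in {
            default-preference-list = cs (digestAlgos ++ cipherAlgos ++ compressionAlgos);
            personal-cipher-preferences = cs cipherAlgos;
            personal-compress-preferences = cs compressionAlgos;
            personal-digest-preferences = cs digestAlgos;
            # s2k-* apply to passphrase-based (symmetric) encryption.
            s2k-cipher-algo = head cipherAlgos;
            s2k-digest-algo = head digestAlgos;
            # NOTE(review): the GnuPG manual advises against setting
            # digest-algo in the config file, because it overrides the
            # recipient's stated preferences; personal-digest-preferences
            # above is the documented way to express the same intent.
            # Left in place to preserve current behaviour.
            digest-algo = head digestAlgos;
            cert-digest-algo = head digestAlgos;
          });
      };

      services.gpg-agent = {
        enable = true;
        # gpg-agent answers SSH agent requests for the keygrips in sshKeys.
        enableSshSupport = true;
        # Smartcard daemon disabled: private keys are expected on disk, so the
        # passphrase and its cache lifetime are the only protection at rest.
        enableScDaemon = false;
        # NOTE(review): 999999 s is about 11.5 days. While a passphrase is
        # cached, any process running as this user can sign, decrypt or
        # authenticate over SSH through the agent without a prompt. Consider
        # much shorter values (minutes to hours) unless this long-lived cache
        # is a deliberate trade-off for this host.
        defaultCacheTtl = 999999;
        defaultCacheTtlSsh = 999999;
        maxCacheTtl = 999999;
        maxCacheTtlSsh = 999999;
        # Have pinentry grab input while the passphrase is typed, so other
        # clients of the same display cannot observe the keystrokes.
        grabKeyboardAndMouse = true;
        # NOTE(review): `my` is not a module argument here; it presumably
        # comes from `with lib;` via an extended lib. Confirm.
        sshKeys = [my.pgp.grip];
        pinentryFlavor = cfg.pinentry;
      };
    };
  };
}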