modularize gpg

2024-11-29 00:56:20 -06:00 · 2024-11-29 00:56:20 -06:00 · a7827e619c
commit a7827e619c
parent 4ec61784ed
4 changed files with 57 additions and 24 deletions
--- a/home/modules/gpg.nix
+++ b/home/modules/gpg.nix
@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.local.services.gpg;
+in {
+  options.local.services.gpg = {
+    enable = mkEnableOption "gpg settings";
+    defaultKey = mkOption {
+      type = types.str;
+      description = "fingerprint of default public key to be used in gpg, git, email, etc.";
+      example = "7AA277E604A4173916BBB4E91FFAC35E1798174F";
+    };
+  };
+  config = mkIf cfg.enable {
+    programs.gpg = {
+      enable = true;
+      settings = {
+        default-key = config.local.services.gpg.defaultKey;
+      };
+    };
+
+    services.gpg-agent = {
+      enable = true;
+      enableZshIntegration = true;
+      pinentryPackage = pkgs.pinentry-emacs;
+    };
+
+    accounts.email.accounts = {
+      "fabian@posixlycorrect.com" = {
+        gpg = {
+          encryptByDefault = true;
+          signByDefault = true;
+          key = config.local.services.gpg.defaultKey;
+        };
+      };
+    };
+
+    programs.git = {
+      signing = {
+        key = config.local.services.gpg.defaultKey;
+        signByDefault = true;
+      };
+    };
+  };
+}