forked from fabian/nix
62 lines
1.2 KiB
Nix
62 lines
1.2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
with lib; let
|
|
cfg = config.local.services.gpg;
|
|
in {
|
|
options.local.services.gpg = {
|
|
enable = mkEnableOption "gpg settings";
|
|
defaultKey = mkOption {
|
|
type = types.str;
|
|
description = "fingerprint of default public key to be used in gpg, git, email, etc.";
|
|
example = "A8981D346F8F4130CA16A7775517E687FCCE0BB9";
|
|
};
|
|
};
|
|
config = mkIf cfg.enable {
|
|
programs.gpg = {
|
|
enable = true;
|
|
settings = {
|
|
default-key = cfg.defaultKey;
|
|
encrypt-to = cfg.defaultKey;
|
|
};
|
|
};
|
|
|
|
services.gpg-agent = {
|
|
enable = true;
|
|
|
|
enableZshIntegration = true;
|
|
enableBashIntegration = true;
|
|
|
|
enableExtraSocket = true;
|
|
enableSshSupport = true;
|
|
|
|
defaultCacheTtl = 3600 * 3;
|
|
defaultCacheTtlSsh = 3600 * 3;
|
|
|
|
maxCacheTtl = 3600 * 6;
|
|
maxCacheTtlSsh = 3600 * 6;
|
|
|
|
pinentry.package = pkgs.pinentry-emacs;
|
|
};
|
|
|
|
accounts.email.accounts = {
|
|
"fabian@posixlycorrect.com" = {
|
|
gpg = {
|
|
encryptByDefault = true;
|
|
signByDefault = true;
|
|
key = cfg.defaultKey;
|
|
};
|
|
};
|
|
};
|
|
|
|
programs.git = {
|
|
signing = {
|
|
key = cfg.defaultKey;
|
|
signByDefault = true;
|
|
};
|
|
};
|
|
};
|
|
}
|