gpg: add module

This commit is contained in:
Jaka Hudoklin 2019-05-24 09:01:10 +02:00 committed by Robert Helgesson
parent 8991fe2e90
commit 0db26fc3ab
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
7 changed files with 114 additions and 0 deletions

View file

@ -1099,6 +1099,13 @@ in
A new module is available: 'services.xsuspender'.
'';
}
{
time = "2019-06-03T21:47:10+00:00";
message = ''
A new module is available: 'programs.gpg'.
'';
}
];
};
}

View file

@ -54,6 +54,7 @@ let
(loadModule ./programs/git.nix { })
(loadModule ./programs/gnome-terminal.nix { })
(loadModule ./programs/go.nix { })
(loadModule ./programs/gpg.nix { })
(loadModule ./programs/home-manager.nix { })
(loadModule ./programs/htop.nix { })
(loadModule ./programs/info.nix { })

62
modules/programs/gpg.nix Normal file
View file

@ -0,0 +1,62 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.gpg;
cfgText =
concatStringsSep "\n"
(attrValues
(mapAttrs (key: value:
if isString value
then "${key} ${value}"
else optionalString value key)
cfg.settings));
in {
options.programs.gpg = {
enable = mkEnableOption "GnuPG";
settings = mkOption {
type = types.attrsOf (types.either types.str types.bool);
example = {
no-comments = false;
s2k-cipher-algo = "AES128";
};
description = ''
GnuPG configuration options. Available options are described
in the gpg manpage:
<link xlink:href="https://gnupg.org/documentation/manpage.html"/>.
'';
};
};
config = mkIf cfg.enable {
programs.gpg.settings = {
personal-cipher-preferences = mkDefault "AES256 AES192 AES";
personal-digest-preferences = mkDefault "SHA512 SHA384 SHA256";
personal-compress-preferences = mkDefault "ZLIB BZIP2 ZIP Uncompressed";
default-preference-list = mkDefault "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
cert-digest-algo = mkDefault "SHA512";
s2k-digest-algo = mkDefault "SHA512";
s2k-cipher-algo = mkDefault "AES256";
charset = mkDefault "utf-8";
fixed-list-mode = mkDefault true;
no-comments = mkDefault true;
no-emit-version = mkDefault true;
keyid-format = mkDefault "0xlong";
list-options = mkDefault "show-uid-validity";
verify-options = mkDefault "show-uid-validity";
with-fingerprint = mkDefault true;
require-cross-certification = mkDefault true;
no-symkey-cache = mkDefault true;
throw-keyids = mkDefault true;
use-agent = mkDefault true;
};
home.packages = [ pkgs.gnupg ];
home.file.".gnupg/gpg.conf".text = cfgText;
};
}

View file

@ -39,6 +39,7 @@ import nmt {
// import ./modules/misc/fontconfig
// import ./modules/programs/alacritty
// import ./modules/programs/bash
// import ./modules/programs/gpg
// import ./modules/programs/ssh
// import ./modules/programs/tmux
// import ./modules/programs/zsh;

View file

@ -0,0 +1,3 @@
{
gpg-override-defaults = ./override-defaults.nix;
}

View file

@ -0,0 +1,19 @@
cert-digest-algo SHA512
charset utf-8
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
fixed-list-mode
keyid-format 0xlong
list-options show-uid-validity
no-emit-version
no-symkey-cache
personal-cipher-preferences AES256 AES192 AES
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
personal-digest-preferences SHA512 SHA384 SHA256
require-cross-certification
s2k-cipher-algo AES128
s2k-digest-algo SHA512
throw-keyids
use-agent
verify-options show-uid-validity
with-fingerprint

View file

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
programs.gpg = {
enable = true;
settings = {
no-comments = false;
s2k-cipher-algo = "AES128";
};
};
nmt.script = ''
assertFileExists home-files/.gnupg/gpg.conf
assertFileContent home-files/.gnupg/gpg.conf ${./override-defaults-expected.conf}
'';
};
}