From 399a3dfeafa7328f40b99759d94d908185ce72a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Na=C3=AFm=20Favier?=
Date: Tue, 5 Apr 2022 05:40:15 +0200
Subject: [PATCH] gpg: create homedir with 700 permissions (#2823)

It can happen in some cases that home-manager first runs before gpg creates its homedir, and it creates it with 755 permissions which the user then needs to change by hand. Do this in the module instead: before linking files, make sure the homedir exists, and if it doesn't, create it with the right permissions.
---
 modules/programs/gpg.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/modules/programs/gpg.nix b/modules/programs/gpg.nix
index 184c2516..921c4015 100644
--- a/modules/programs/gpg.nix
+++ b/modules/programs/gpg.nix
@@ -282,7 +282,12 @@ in {
 source = "${keyringFiles}/pubring.kbx";
 };

- home.activation = mkIf (cfg.publicKeys != [ ]) {
+ home.activation = {
+ createGpgHomedir =
+ hm.dag.entryBetween [ "linkGeneration" ] [ "writeBoundary" ] ''
+ $DRY_RUN_CMD mkdir -m700 -p $VERBOSE_ARG ${escapeShellArg cfg.homedir}
+ '';
+
 importGpgKeys = let
 gpg = "${cfg.package}/bin/gpg";

@@ -313,7 +318,8 @@ in {
 unset GNUPGHOME QUIET_ARG keyId importTrust
 '' ++ optional (!cfg.mutableTrust && anyTrust) ''
 install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'');
- in lib.hm.dag.entryAfter [ "linkGeneration" ] block;
+ in mkIf (cfg.publicKeys != [ ])
+ (lib.hm.dag.entryAfter [ "linkGeneration" ] block);
 };
 };
 }
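Review bot: `mkdir -m700 -p` in `createGpgHomedir` applies the mode only to a directory it actually creates, so a homedir that already exists with 755 (the situation the commit message describes) keeps its lax permissions, and any missing parent directories that `-p` creates get the umask default rather than 700. If existing directories are meant to be tightened as well, follow the mkdir with `$DRY_RUN_CMD chmod 700 ${escapeShellArg cfg.homedir}`; if not, a comment above the entry such as `# sets the mode only on first creation; an existing homedir keeps its permissions` would make the limit explicit. The new entry is also written `hm.dag.entryBetween` while the second hunk keeps `lib.hm.dag.entryAfter`, and the unchanged `install` line there still interpolates `"${cfg.homedir}"` in plain double quotes instead of `escapeShellArg`; one spelling and one quoting style for both entries would be more consistent. The enclosing `home.activation` set and the `importGpgKeys` let-block continue outside these hunks.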