gpg: apply nixfmt

This commit is contained in:
Robert Helgesson 2022-04-25 00:46:58 +02:00
parent 7244c6715c
commit e997bf4c98
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
2 changed files with 96 additions and 90 deletions

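--- a/format
+++ b/format
@@ -24,7 +24,6 @@ find . -name '*.nix' \
 ! -path ./modules/manual.nix \
 ! -path ./modules/misc/news.nix \
 ! -path ./modules/programs/bash.nix \
-! -path ./modules/programs/gpg.nix \
 ! -path ./modules/programs/ssh.nix \
 ! -path ./modules/programs/zsh.nix \
 ! -path ./modules/services/gpg-agent.nix \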


@ -6,9 +6,7 @@ let
cfg = config.programs.gpg; cfg = config.programs.gpg;
mkKeyValue = key: value: mkKeyValue = key: value:
if isString value if isString value then "${key} ${value}" else optionalString value key;
then "${key} ${value}"
else optionalString value key;
cfgText = generators.toKeyValue { cfgText = generators.toKeyValue {
inherit mkKeyValue; inherit mkKeyValue;
@ -22,7 +20,7 @@ let
primitiveType = types.oneOf [ types.str types.bool ]; primitiveType = types.oneOf [ types.str types.bool ];
publicKeyOpts = { config, ...}: { publicKeyOpts = { config, ... }: {
options = { options = {
text = mkOption { text = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
@ -40,7 +38,18 @@ let
}; };
trust = mkOption { trust = mkOption {
type = types.nullOr (types.enum ["unknown" 1 "never" 2 "marginal" 3 "full" 4 "ultimate" 5]); type = types.nullOr (types.enum [
"unknown"
1
"never"
2
"marginal"
3
"full"
4
"ultimate"
5
]);
default = null; default = null;
apply = v: apply = v:
if isString v then if isString v then
@ -51,7 +60,8 @@ let
full = 4; full = 4;
ultimate = 5; ultimate = 5;
}.${v} }.${v}
else v; else
v;
description = '' description = ''
The amount of trust you have in the key ownership and the care the The amount of trust you have in the key ownership and the care the
owner puts into signing other keys. The available levels are owner puts into signing other keys. The available levels are
@ -85,58 +95,55 @@ let
}; };
config = { config = {
source = mkIf (config.text != null) source =
(pkgs.writeText "gpg-pubkey" config.text); mkIf (config.text != null) (pkgs.writeText "gpg-pubkey" config.text);
}; };
}; };
importTrustBashFunctions = importTrustBashFunctions = let gpg = "${cfg.package}/bin/gpg";
let gpg = "${cfg.package}/bin/gpg"; in ''
in '' function gpgKeyId() {
function gpgKeyId() { ${gpg} --show-key --with-colons "$1" \
${gpg} --show-key --with-colons "$1" \ | grep ^pub: \
| grep ^pub: \ | cut -d: -f5
| cut -d: -f5 }
}
function importTrust() { function importTrust() {
local keyId trust local keyId trust
keyId="$(gpgKeyId "$1")" keyId="$(gpgKeyId "$1")"
trust="$2" trust="$2"
if [[ -n $keyId ]] ; then if [[ -n $keyId ]] ; then
{ echo trust; echo "$trust"; (( trust == 5 )) && echo y; echo quit; } \ { echo trust; echo "$trust"; (( trust == 5 )) && echo y; echo quit; } \
| ${gpg} --no-tty --command-fd 0 --edit-key "$keyId" | ${gpg} --no-tty --command-fd 0 --edit-key "$keyId"
fi fi
} }
''; '';
keyringFiles = keyringFiles = let
let gpg = "${cfg.package}/bin/gpg";
gpg = "${cfg.package}/bin/gpg";
importKey = { source, trust, ... }: '' importKey = { source, trust, ... }: ''
${gpg} --import ${source} ${gpg} --import ${source}
${optionalString (trust != null) '' ${optionalString (trust != null)
importTrust "${source}" ${toString trust}''} ''importTrust "${source}" ${toString trust}''}
'';
importKeys = concatMapStringsSep "\n" importKey cfg.publicKeys;
in pkgs.runCommand "gpg-pubring" { buildInputs = [ cfg.package ]; } ''
export GNUPGHOME
GNUPGHOME=$(mktemp -d)
${importTrustBashFunctions}
${importKeys}
mkdir $out
cp $GNUPGHOME/pubring.kbx $out/pubring.kbx
if [[ -e $GNUPGHOME/trustdb.gpg ]] ; then
cp $GNUPGHOME/trustdb.gpg $out/trustdb.gpg
fi
''; '';
in importKeys = concatMapStringsSep "\n" importKey cfg.publicKeys;
{ in pkgs.runCommand "gpg-pubring" { buildInputs = [ cfg.package ]; } ''
export GNUPGHOME
GNUPGHOME=$(mktemp -d)
${importTrustBashFunctions}
${importKeys}
mkdir $out
cp $GNUPGHOME/pubring.kbx $out/pubring.kbx
if [[ -e $GNUPGHOME/trustdb.gpg ]] ; then
cp $GNUPGHOME/trustdb.gpg $out/trustdb.gpg
fi
'';
in {
options.programs.gpg = { options.programs.gpg = {
enable = mkEnableOption "GnuPG"; enable = mkEnableOption "GnuPG";
@ -145,11 +152,13 @@ in
default = pkgs.gnupg; default = pkgs.gnupg;
defaultText = literalExpression "pkgs.gnupg"; defaultText = literalExpression "pkgs.gnupg";
example = literalExpression "pkgs.gnupg23"; example = literalExpression "pkgs.gnupg23";
description = "The Gnupg package to use (also used the gpg-agent service)."; description =
"The Gnupg package to use (also used the gpg-agent service).";
}; };
settings = mkOption { settings = mkOption {
type = types.attrsOf (types.either primitiveType (types.listOf types.str)); type =
types.attrsOf (types.either primitiveType (types.listOf types.str));
example = literalExpression '' example = literalExpression ''
{ {
no-comments = false; no-comments = false;
@ -167,7 +176,8 @@ in
}; };
scdaemonSettings = mkOption { scdaemonSettings = mkOption {
type = types.attrsOf (types.either primitiveType (types.listOf types.str)); type =
types.attrsOf (types.either primitiveType (types.listOf types.str));
example = literalExpression '' example = literalExpression ''
{ {
disable-ccid = true; disable-ccid = true;
@ -182,9 +192,10 @@ in
homedir = mkOption { homedir = mkOption {
type = types.path; type = types.path;
example = literalExpression "\"\${config.xdg.dataHome}/gnupg\""; example = literalExpression ''"''${config.xdg.dataHome}/gnupg"'';
default = "${config.home.homeDirectory}/.gnupg"; default = "${config.home.homeDirectory}/.gnupg";
defaultText = literalExpression "\"\${config.home.homeDirectory}/.gnupg\""; defaultText =
literalExpression ''"''${config.home.homeDirectory}/.gnupg"'';
description = "Directory to store keychains and configuration."; description = "Directory to store keychains and configuration.";
}; };
@ -236,7 +247,8 @@ in
personal-cipher-preferences = mkDefault "AES256 AES192 AES"; personal-cipher-preferences = mkDefault "AES256 AES192 AES";
personal-digest-preferences = mkDefault "SHA512 SHA384 SHA256"; personal-digest-preferences = mkDefault "SHA512 SHA384 SHA256";
personal-compress-preferences = mkDefault "ZLIB BZIP2 ZIP Uncompressed"; personal-compress-preferences = mkDefault "ZLIB BZIP2 ZIP Uncompressed";
default-preference-list = mkDefault "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed"; default-preference-list = mkDefault
"SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
cert-digest-algo = mkDefault "SHA512"; cert-digest-algo = mkDefault "SHA512";
s2k-digest-algo = mkDefault "SHA512"; s2k-digest-algo = mkDefault "SHA512";
s2k-cipher-algo = mkDefault "AES256"; s2k-cipher-algo = mkDefault "AES256";
@ -258,9 +270,7 @@ in
}; };
home.packages = [ cfg.package ]; home.packages = [ cfg.package ];
home.sessionVariables = { home.sessionVariables = { GNUPGHOME = cfg.homedir; };
GNUPGHOME = cfg.homedir;
};
home.file."${cfg.homedir}/gpg.conf".text = cfgText; home.file."${cfg.homedir}/gpg.conf".text = cfgText;
@ -268,45 +278,42 @@ in
# Link keyring if keys are not mutable # Link keyring if keys are not mutable
home.file."${cfg.homedir}/pubring.kbx" = home.file."${cfg.homedir}/pubring.kbx" =
mkIf (!cfg.mutableKeys && cfg.publicKeys != []) { mkIf (!cfg.mutableKeys && cfg.publicKeys != [ ]) {
source = "${keyringFiles}/pubring.kbx"; source = "${keyringFiles}/pubring.kbx";
}; };
home.activation = mkIf (cfg.publicKeys != []) { home.activation = mkIf (cfg.publicKeys != [ ]) {
importGpgKeys = importGpgKeys = let
let gpg = "${cfg.package}/bin/gpg";
gpg = "${cfg.package}/bin/gpg";
importKey = { source, trust, ... }: importKey = { source, trust, ... }:
# Import mutable keys # Import mutable keys
optional cfg.mutableKeys '' optional cfg.mutableKeys
$DRY_RUN_CMD ${gpg} $QUIET_ARG --import ${source}'' "$DRY_RUN_CMD ${gpg} $QUIET_ARG --import ${source}"
# Import mutable trust # Import mutable trust
++ optional (trust != null && cfg.mutableTrust) '' ++ optional (trust != null && cfg.mutableTrust)
$DRY_RUN_CMD importTrust "${source}" ${toString trust}''; ''$DRY_RUN_CMD importTrust "${source}" ${toString trust}'';
anyTrust = any (k: k.trust != null) cfg.publicKeys; anyTrust = any (k: k.trust != null) cfg.publicKeys;
importKeys = concatStringsSep "\n" (concatMap importKey cfg.publicKeys); importKeys = concatStringsSep "\n" (concatMap importKey cfg.publicKeys);
# If any key/trust should be imported then create the block. Otherwise # If any key/trust should be imported then create the block. Otherwise
# leave it empty. # leave it empty.
block = concatStringsSep "\n" ( block = concatStringsSep "\n" (optional (importKeys != "") ''
optional (importKeys != "") '' export GNUPGHOME=${escapeShellArg cfg.homedir}
export GNUPGHOME=${escapeShellArg cfg.homedir} if [[ ! -v VERBOSE ]]; then
if [[ ! -v VERBOSE ]]; then QUIET_ARG="--quiet"
QUIET_ARG="--quiet" else
else QUIET_ARG=""
QUIET_ARG="" fi
fi ${importTrustBashFunctions}
${importTrustBashFunctions} ${importKeys}
${importKeys} unset GNUPGHOME QUIET_ARG keyId importTrust
unset GNUPGHOME QUIET_ARG keyId importTrust '' ++ optional (!cfg.mutableTrust && anyTrust) ''
'' ++ optional (!cfg.mutableTrust && anyTrust) '' install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'');
install -m 0700 ${keyringFiles}/trustdb.gpg "${cfg.homedir}/trustdb.gpg"'' in lib.hm.dag.entryAfter [ "linkGeneration" ] block;
);
in lib.hm.dag.entryAfter ["linkGeneration"] block;
}; };
}; };
} }
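Review bot: The `importKey` helper in the last hunk (the `home.activation` block) changes the mutable-keys command from an indented `''…''` string to a double-quoted `"$DRY_RUN_CMD ${gpg} $QUIET_ARG --import ${source}"`, which is a manual edit rather than something nixfmt produces, so it is hidden inside a commit titled "apply nixfmt". The two forms appear equivalent here only because `$DRY_RUN_CMD` and `$QUIET_ARG` are not followed by `{` and so stay literal in a `"…"` string, while the sibling trust line keeps `''…''` because it contains double quotes; a reader diffing the formatted file against the old one has to work that out by hand. I would either keep the delimiter change in its own commit or note the reason inline, e.g. `# bash $VARS are literal here: only ''${…}'' interpolates in a "…" string`, so the next formatter pass does not reintroduce the asymmetry between the two `optional` branches. Everything else in this section reads as pure layout from the nixfmt pass.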