default.nix (1032B)
# Home Manager module: declarative GnuPG setup exposed as `modules.gpg`.
#
# When enabled it installs GnuPG, imports a single public key with
# "ultimate" ownertrust, runs gpg-agent with a TTY pinentry, and exports
# GPG_TTY from ~/.mkshrc so that pinentry can find the terminal.
{
  lib,
  options,
  config,
  pkgs,
  ...
}:
let
  inherit (lib) mkIf mkOption types;

  # This module's own option values.
  cfg = config.modules.gpg;
in
{
  options.modules.gpg = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to enable GnuPG.";
    };

    # NOTE(review): nothing in this file reads `fingerprint`, so the key
    # file below receives ultimate trust without being checked against it.
    # Confirm that a consumer elsewhere pins the two together, or verify
    # the file's fingerprint before it is imported.
    primaryKey.fingerprint = mkOption {
      type = types.uniq types.str;
      description = "The fingerprint of the primary key.";
    };

    # Must be a *public* key export: it is fed to `publicKeys`, and a Nix
    # path value is copied into the Nix store, which is readable by every
    # local user. Never point this at secret key material.
    primaryKey.file = mkOption {
      type = types.uniq types.path;
      description = "The path to the primary key file.";
    };
  };

  config = mkIf cfg.enable {
    programs.gpg = {
      enable = true;
      package = pkgs.gnupg;

      # Keyring and trust database are fully managed by this configuration;
      # with both set to false, keys or trust changed through `gpg` at
      # runtime are not expected to persist.
      mutableKeys = false;
      mutableTrust = false;

      # The only key in the managed keyring. "ultimate" makes it a trust
      # root, so whoever controls this file controls what gpg considers
      # valid for this user.
      publicKeys = [
        {
          trust = "ultimate";
          source = cfg.primaryKey.file;
        }
      ];
    };

    services.gpg-agent = {
      enable = true;
      # Passphrase prompts happen on the terminal; this depends on GPG_TTY
      # being set in the shell (see the .mkshrc entry below).
      pinentryPackage = pkgs.pinentry-tty;
    };

    # `${pkgs.sbase}` is interpolated by Nix into a store path; `$(...)` is
    # left for the shell to evaluate when it reads the file.
    home.file.".mkshrc".text = "export GPG_TTY=$(${pkgs.sbase}/bin/tty)";
  };
}