61 lines
1.3 KiB
Nix
61 lines
1.3 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
with lib; let
|
|
cfg = config.modules.application.gnupg;
|
|
in {
|
|
options.modules.application.gnupg = {
|
|
enable = mkEnableOption "enable GnuPG and related utils";
|
|
|
|
pass = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = "install password-store";
|
|
};
|
|
|
|
enableSshSupport = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = "enable GnuPG agent SSH support";
|
|
};
|
|
};
|
|
config = mkIf cfg.enable {
|
|
home.packages = with pkgs; [
|
|
# pinentry-gnome
|
|
gcr
|
|
];
|
|
programs.gpg = {
|
|
enable = true;
|
|
scdaemonSettings = {
|
|
disable-ccid = true;
|
|
};
|
|
homedir = "${config.xdg.configHome}/gnupg";
|
|
};
|
|
|
|
services.gpg-agent = {
|
|
enable = true;
|
|
enableScDaemon = true;
|
|
enableZshIntegration = true;
|
|
pinentry.package = pkgs.pinentry-gnome3;
|
|
enableSshSupport = cfg.enableSshSupport;
|
|
maxCacheTtl = 60 * 60 * 2;
|
|
maxCacheTtlSsh = 60 * 60 * 2;
|
|
defaultCacheTtl = 60 * 60;
|
|
defaultCacheTtlSsh = 60 * 60;
|
|
noAllowExternalCache = true;
|
|
};
|
|
|
|
services.ssh-agent.enable =
|
|
if cfg.enableSshSupport
|
|
then false
|
|
else true;
|
|
programs.password-store = {
|
|
enable = cfg.pass;
|
|
};
|
|
|
|
home.file.".local/bin/gpg-attach-key".source = ./files/gpg-attach-key.sh;
|
|
};
|
|
}
|