From 9f0e785296ae092b9a1c988877b83dad901a518a Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 31 Jan 2022 10:18:08 +0100 Subject: [PATCH] Use gpg 2.3 from unstable --- .../fhauser/applications/gpg.nix | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/defaults/user-configuration/fhauser/applications/gpg.nix b/defaults/user-configuration/fhauser/applications/gpg.nix index e9fcd6f..96f0cd2 100644 --- a/defaults/user-configuration/fhauser/applications/gpg.nix +++ b/defaults/user-configuration/fhauser/applications/gpg.nix @@ -1,16 +1,19 @@ -{ pkgs, ... }: { +{ pkgs, ... }: let + unstable = import {}; +in { #TODO: ENV variabls for agent home-manager.users.fhauser.home.sessionVariables.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"; home-manager.users.fhauser.programs.gpg = { enable = true; + package = unstable.gnupg; settings = { "use-agent" = true; "trust-model" = "tofu"; "no-emit-version" = true; "no-comments" = true; "sig-notation" = "issuer-fpr@notations.openpgp.fifthhorseman.net=%g"; - "keyserver" = "hkp://pool.sks-keyservers.net"; + "keyserver" = "hkps://keys.openpgp.org"; "keyserver-options" = "auto-key-retrieve no-honor-keyserver-url"; "personal-cipher-preferences" = "AES256 AES192 AES CAST5"; "cert-digest-algo" = "SHA512"; @@ -24,11 +27,20 @@ "verify-options" = "show-uid-validity"; "list-options" = "show-uid-validity"; }; + scdaemonSettings = { + disable-ccid = true; + }; + # TODO: Complete this list and maybe transfer to managed configuration? + #publicKeys = [ + # { source = "./fabian.hauser@qo.is.pub"; trust = 5; } + # { source = "./fabian.hauser@threema.ch.pub"; trust = 5; } + #]; }; home-manager.users.fhauser.services.gpg-agent = { enable = true; enableScDaemon = true; enableSshSupport = true; + enableExtraSocket = true; sshKeys = [ "99DFB0F28CF9420A2D6383139E86814A1568C81B" # 0x8193A5D218B553DD / fabian.hauser@threema.ch "638143D3F6421377E9D4C7F1D2EDC5AA0A860351" # 0x3E957C9C8CB5D6B2 / fabian.hauser@qo.is
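Review bot: The new `unstable = import … {};` binding in the first hunk takes gnupg from a second package set that is not pinned anywhere in the visible lines. The import's path argument does not survive in this rendering; if it is a channel lookup resolved through NIX_PATH, the GnuPG binary that handles the user's keys changes whenever that channel moves. Pinning keeps the build reproducible and reviewable, e.g. `unstable = import (builtins.fetchTarball { url = "<PINNED_NIXPKGS_TARBALL_URL>"; sha256 = "<SHA256_PLACEHOLDER>"; }) { inherit (pkgs) system; };`. Separately, the switch to `hkps://keys.openpgp.org` adds TLS, but the unchanged `auto-key-retrieve` still tells that keyserver which signatures are being verified, which is worth a comment if intended. The `settings` set continues past the end of this hunk.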
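Review bot: `enableExtraSocket = true;` in the second hunk exposes the agent's restricted socket, which exists so the agent can be forwarded to other hosts, yet nothing here says which hosts or why. Any host the socket is forwarded to can request signing and decryption with these keys for as long as the forward lasts. I would add a comment such as `# extra socket: forwarded to <HOST_PLACEHOLDER> only (ssh RemoteForward)`, or leave the option off until it is needed. `disable-ccid = true;` also deserves a comment: it makes scdaemon reach the card through PC/SC, so it presumably depends on pcscd being enabled elsewhere in the configuration, which this hunk does not show. The `gpg-agent` set and its `sshKeys` list continue past the end of the hunk.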