diff --git a/modules/misc/news.nix b/modules/misc/news.nix
index 4820ef8eb..d6c526873 100644
--- a/modules/misc/news.nix
+++ b/modules/misc/news.nix
@@ -1099,6 +1099,13 @@ in
 A new module is available: 'services.xsuspender'.
 '';
 }
+
+ {
+ time = "2019-06-03T21:47:10+00:00";
+ message = ''
+ A new module is available: 'programs.gpg'.
+ '';
+ }
 ];
 };
 }
diff --git a/modules/modules.nix b/modules/modules.nix
index 524202122..af0cbc1ca 100644
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -54,6 +54,7 @@ let
 (loadModule ./programs/git.nix { })
 (loadModule ./programs/gnome-terminal.nix { })
 (loadModule ./programs/go.nix { })
+ (loadModule ./programs/gpg.nix { })
 (loadModule ./programs/home-manager.nix { })
 (loadModule ./programs/htop.nix { })
 (loadModule ./programs/info.nix { })
diff --git a/modules/programs/gpg.nix b/modules/programs/gpg.nix
new file mode 100644
index 000000000..e06ec3a93
--- /dev/null
+++ b/modules/programs/gpg.nix
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.programs.gpg;
+
+ cfgText =
+ concatStringsSep "\n"
+ (attrValues
+ (mapAttrs (key: value:
+ if isString value
+ then "${key} ${value}"
+ else optionalString value key)
+ cfg.settings));
+
+in {
+ options.programs.gpg = {
+ enable = mkEnableOption "GnuPG";
+
+ settings = mkOption {
+ type = types.attrsOf (types.either types.str types.bool);
+ example = {
+ no-comments = false;
+ s2k-cipher-algo = "AES128";
+ };
+ description = ''
+ GnuPG configuration options. Available options are described
+ in the gpg manpage:
+ .
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ programs.gpg.settings = {
+ personal-cipher-preferences = mkDefault "AES256 AES192 AES";
+ personal-digest-preferences = mkDefault "SHA512 SHA384 SHA256";
+ personal-compress-preferences = mkDefault "ZLIB BZIP2 ZIP Uncompressed";
+ default-preference-list = mkDefault "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
+ cert-digest-algo = mkDefault "SHA512";
+ s2k-digest-algo = mkDefault "SHA512";
+ s2k-cipher-algo = mkDefault "AES256";
+ charset = mkDefault "utf-8";
+ fixed-list-mode = mkDefault true;
+ no-comments = mkDefault true;
+ no-emit-version = mkDefault true;
+ keyid-format = mkDefault "0xlong";
+ list-options = mkDefault "show-uid-validity";
+ verify-options = mkDefault "show-uid-validity";
+ with-fingerprint = mkDefault true;
+ require-cross-certification = mkDefault true;
+ no-symkey-cache = mkDefault true;
+ throw-keyids = mkDefault true;
+ use-agent = mkDefault true;
+ };
+
+ home.packages = [ pkgs.gnupg ];
+
+ home.file.".gnupg/gpg.conf".text = cfgText;
+ };
+}
diff --git a/tests/default.nix b/tests/default.nix
index 2457e5e4e..3ef1fa43e 100644
--- a/tests/default.nix
+++ b/tests/default.nix
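Review bot: In modules/programs/gpg.nix, a setting whose value is `false` is rendered by `optionalString value key` in `cfgText` as an empty string that is still joined with the rest, so gpg.conf gets a blank line for every disabled option; tests/modules/programs/gpg/override-defaults-expected.conf pins exactly that blank line for `no-comments = false`. Passing `(filterAttrs (_: v: v != false) cfg.settings)` to `mapAttrs` in place of `cfg.settings` would keep the file to real options, with the expected file updated to match. Separately, the target path `.gnupg/gpg.conf` is fixed, so a non-default GNUPGHOME is not honoured, and nothing in this hunk sets the 0700 mode GnuPG expects on its home directory. Which mode the directory gets when this module creates it on a fresh profile is not visible here and is worth confirming.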
@@ -39,6 +39,7 @@ import nmt {
 // import ./modules/misc/fontconfig
 // import ./modules/programs/alacritty
 // import ./modules/programs/bash
+ // import ./modules/programs/gpg
 // import ./modules/programs/ssh
 // import ./modules/programs/tmux
 // import ./modules/programs/zsh;
diff --git a/tests/modules/programs/gpg/default.nix b/tests/modules/programs/gpg/default.nix
new file mode 100644
index 000000000..5cb24817c
--- /dev/null
+++ b/tests/modules/programs/gpg/default.nix
@@ -0,0 +1,3 @@
+{
+ gpg-override-defaults = ./override-defaults.nix;
+}
diff --git a/tests/modules/programs/gpg/override-defaults-expected.conf b/tests/modules/programs/gpg/override-defaults-expected.conf
new file mode 100644
index 000000000..3198183f7
--- /dev/null
+++ b/tests/modules/programs/gpg/override-defaults-expected.conf
@@ -0,0 +1,19 @@
+cert-digest-algo SHA512
+charset utf-8
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+fixed-list-mode
+keyid-format 0xlong
+list-options show-uid-validity
+
+no-emit-version
+no-symkey-cache
+personal-cipher-preferences AES256 AES192 AES
+personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+personal-digest-preferences SHA512 SHA384 SHA256
+require-cross-certification
+s2k-cipher-algo AES128
+s2k-digest-algo SHA512
+throw-keyids
+use-agent
+verify-options show-uid-validity
+with-fingerprint
\ No newline at end of file
diff --git a/tests/modules/programs/gpg/override-defaults.nix b/tests/modules/programs/gpg/override-defaults.nix
new file mode 100644
index 000000000..7cf68b31b
--- /dev/null
+++ b/tests/modules/programs/gpg/override-defaults.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+ config = {
+ programs.gpg = {
+ enable = true;
+
+ settings = {
+ no-comments = false;
+ s2k-cipher-algo = "AES128";
+ };
+ };
+
+ nmt.script = ''
+ assertFileExists home-files/.gnupg/gpg.conf
+ assertFileContent home-files/.gnupg/gpg.conf ${./override-defaults-expected.conf}
+ '';
+ };
+}