diff --git a/modules/programs/gpg.nix b/modules/programs/gpg.nix index 4588c59c8..1c77d871e 100644 --- a/modules/programs/gpg.nix +++ b/modules/programs/gpg.nix @@ -5,25 +5,30 @@ with lib; let cfg = config.programs.gpg; - cfgText = - concatStringsSep "\n" - (attrValues - (mapAttrs (key: value: - if isString value - then "${key} ${value}" - else optionalString value key) - cfg.settings)); + mkKeyValue = key: value: + if isString value + then "${key} ${value}" + else optionalString value key; -in { + cfgText = generators.toKeyValue { + inherit mkKeyValue; + listsAsDuplicateKeys = true; + } cfg.settings; + + primitiveType = types.oneOf [ types.str types.bool ]; +in +{ options.programs.gpg = { enable = mkEnableOption "GnuPG"; settings = mkOption { - type = types.attrsOf (types.either types.str types.bool); - example = { - no-comments = false; - s2k-cipher-algo = "AES128"; - }; + type = types.attrsOf (types.either primitiveType (types.listOf types.str)); + example = literalExample '' + { + no-comments = false; + s2k-cipher-algo = "AES128"; + } + ''; description = '' GnuPG configuration options. Available options are described in the gpg manpage: diff --git a/tests/modules/programs/gpg/override-defaults-expected.conf b/tests/modules/programs/gpg/override-defaults-expected.conf index 3198183f7..4b4f132d0 100644 --- a/tests/modules/programs/gpg/override-defaults-expected.conf +++ b/tests/modules/programs/gpg/override-defaults-expected.conf @@ -14,6 +14,8 @@ require-cross-certification s2k-cipher-algo AES128 s2k-digest-algo SHA512 throw-keyids +trusted-key 0xXXXXXXXXXXXXX +trusted-key 0xYYYYYYYYYYYYY use-agent verify-options show-uid-validity -with-fingerprint \ No newline at end of file +with-fingerprint diff --git a/tests/modules/programs/gpg/override-defaults.nix b/tests/modules/programs/gpg/override-defaults.nix index 850334dc5..905b984c5 100644 --- a/tests/modules/programs/gpg/override-defaults.nix +++ b/tests/modules/programs/gpg/override-defaults.nix @@ -11,6 +11,10 @@ with lib; no-comments = false; s2k-cipher-algo = "AES128"; throw-keyids = true; + trusted-key = [ + "0xXXXXXXXXXXXXX" + "0xYYYYYYYYYYYYY" + ]; }; };