gpg: allow for duplicate keys in config (#1814)

Allow for duplicate keys in the form of a list of strings.

Also update the `settings` example configuration to use `literalExample`.

modules/programs/gpg.nix

@@ -5,25 +5,30 @@ with lib;
 let
   cfg = config.programs.gpg;
 
-  cfgText =
-    concatStringsSep "\n"
-    (attrValues
-    (mapAttrs (key: value:
+  mkKeyValue = key: value:
     if isString value
     then "${key} ${value}"
-      else optionalString value key)
-    cfg.settings));
+    else optionalString value key;
 
-in {
+  cfgText = generators.toKeyValue {
+    inherit mkKeyValue;
+    listsAsDuplicateKeys = true;
+  } cfg.settings;
+
+  primitiveType = types.oneOf [ types.str types.bool ];
+in
+{
   options.programs.gpg = {
     enable = mkEnableOption "GnuPG";
 
     settings = mkOption {
-      type = types.attrsOf (types.either types.str types.bool);
-      example = {
+      type = types.attrsOf (types.either primitiveType (types.listOf types.str));
+      example = literalExample ''
+        {
           no-comments = false;
           s2k-cipher-algo = "AES128";
-      };
+        }
+      '';
       description = ''
         GnuPG configuration options. Available options are described
         in the gpg manpage:

tests/modules/programs/gpg/override-defaults-expected.conf

@@ -14,6 +14,8 @@ require-cross-certification
 s2k-cipher-algo AES128
 s2k-digest-algo SHA512
 throw-keyids
+trusted-key 0xXXXXXXXXXXXXX
+trusted-key 0xYYYYYYYYYYYYY
 use-agent
 verify-options show-uid-validity
 with-fingerprint

tests/modules/programs/gpg/override-defaults.nix

@@ -11,6 +11,10 @@ with lib;
         no-comments = false;
         s2k-cipher-algo = "AES128";
         throw-keyids = true;
+        trusted-key = [
+          "0xXXXXXXXXXXXXX"
+          "0xYYYYYYYYYYYYY"
+        ];
       };
     };