add gpg configuration options

2022-02-02 16:55:39 +01:00 · 2022-02-02 16:55:39 +01:00 · b8e5b168a5
commit b8e5b168a5
parent f9d88dc15c
3 changed files with 78 additions and 4 deletions
--- a/config/programs/gpg.nix
+++ b/config/programs/gpg.nix
@ -1,9 +1,13 @@
-{ ... }: {
+{ pkgs, ... }: {
  programs.gpg = {
    enable = true;
    mutableKeys = false;
    mutableTrust = false;
    publicKeys = [
+      {
+        source = ../../keys/lotte_chir.rs.pgp;
+        trust = 5;
+      }
      {
        source = ../../keys/darkkirb_darkkirb.de.pgp;
        trust = 5;
@ -13,6 +17,37 @@
        trust = 5;
      }
    ];
+    scdaemonSettings = {
+      disable-ccid = true;
+      pcsc-driver = "${pkgs.pcsclite}/lib/libpcsclite.so.1";
+      reader-port = "Yubico YubiKey";
+    };
+    settings = {
+      # https://github.com/drduh/config/blob/master/gpg.conf
+      personal-cipher-preferences = "AES256 AES192 AES";
+      personal-digest-preferences = "SHA512 SHA384 SHA256";
+      personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
+      default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
+      cert-digest-algo = "SHA512";
+      s2k-digest-algo = "SHA512";
+      s2k-cipher-algo = "AES256";
+      charset = "utf-8";
+      fixed-list-mode = true;
+      no-comments = true;
+      no-emit-version = true;
+      no-greeting = true;
+      keyid-format = "0xlong";
+      list-options = "show-uid-validity";
+      verify-options = "show-uid-validity";
+      with-fingerprint = true;
+      with-key-origin = true;
+      require-cross-certification = true;
+      no-symkey-cache = true;
+      use-agent = true;
+      throw-keyids = true;
+      keyserver = [ "hkps://keys.openpgp.org" "hkps://keyserver.ubuntu.com:443" "hkps://hkps.pool.sks-keyservers.net" "hkps://pgp.ocf.berkeley.edu" ];
+      auto-key-locate = [ "local" "dane" "cert" "wkd" ];
+    };
  };
  services.gpg-agent = {
    enable = true;
--- a/flake.lock
+++ b/flake.lock
@ -317,11 +317,11 @@
        "quazip": "quazip"
      },
      "locked": {
-        "lastModified": 1643809586,
-        "narHash": "sha256-KfoiGN9NTiuZjmw37I9GhWbv73rvHd8smv69yGAMzcU=",
+        "lastModified": 1643811450,
+        "narHash": "sha256-qHyvKKwVymoyeRijb85UvF5MXiepfx6uXUZTC5AfhNI=",
        "owner": "PolyMC",
        "repo": "PolyMC",
-        "rev": "cf3c2482c9e7f743088b590f8c90cc3be1308718",
+        "rev": "bff683e6d4701912c252f6d88598e35afaf20fc9",
        "type": "github"
      },
      "original": {
--- a/keys/lotte_chir.rs.pgp
+++ b/keys/lotte_chir.rs.pgp
@ -0,0 +1,39 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYfph3hYJKwYBBAHaRw8BAQdAWYTcPt/iW5HydB1kBRgUk9yDIvp6iwYu8zVB
+yRsLPEi0JUNoYXJsb3R0ZSDwn6adIERlbGVuayA8bG90dGVAY2hpci5ycz6IkQQT
+FgoAOQIbAQQLCQgHBBUKCQgFFgIDAQACHgUCF4AWIQTvXzZ6leC/pjkC2Gq049SA
+HEnsXgUCYfpkSAIZAQAKCRC049SAHEnsXsxtAQDbyA2vxblzaqIASnWB3sxZdTv9
+cMDVPsoHSBPjOKR4/AD+Kufu2movJkLh343yAXb3nSoy32H63qRqZz4a0TIXpQOJ
+AjMEEAEKAB0WIQQgbaXh2gkEtu5JFro8713akVrssAUCYfpjUAAKCRA8713akVrs
+sKLSD/94wq8Zj9auuQUsd9ObhxqbdGJ/V9NcatDgQgmwYPBkX3QmAhYtUMzXGcHK
+zWZu9U0eIK+a9GXWRAh7ZvAEHt5zLQ/TCYbJ5LvKqzCMJWPxxYLWXEE6DEIHd7Q3
+IjJwSy0IbDbFtoHjzf0RIB26tFUTUF+FL8DfbvuDnaflumjrhuJsf7dEhz737bC5
+w0z9P7SB0E+olrSKn6rVrbsS+0i68ys0VrjZmBisIMe4HJoOGgRAQaU0McfGqJD
+7XFfdBk8eqFOICmmbA7h5BxESoICWamSTaboiYqOOcrzgh7f+1MKUiSP1i+G7zfE
+vXnEkRosHopZWZZP30HvUZqJOzTrJ9pQNCab4+VJ4Koknnain3A3IDUT16HOmmWG
+Vfe1XXbbaZaGvdzBudAxoxFBEV/b8cFNGHMZpr3zaB9OzBMadnhpTSJghp5U8j+w
+ix54X2/Rnh+t3SgpJmDTcz/adH/xwz80lgghQhl8/deZ52YiWoP+G7uI/og5F29K
+mFghPGEJwsgyYxW56O5s5smXc0cXQLdVLS7NCY1eq9zOa24h+fWjoC4xtQqO2W1o
+rXELIE/uNBnHosjBL2tXjpvpWIyZwdhkAQsnhYYqZ2U2t8lHgPOoCjYxsERoank
+B6ZLiXkJG8LmKWNqe7HJ+cAJp+rbiW7qf+4QWI0V3E3Grfxv87QsQ2hhcmxvdHRl
+IPCfpp0gRGVsZW5rIDxkYXJra2lyYkBkYXJra2lyYi5kZT6IjgQTFgoANhYhBO9f
+NnqV4L+mOQLYarTj1IAcSexeBQJh+mQtAhsBBAsJCAcEFQoJCAUWAgMBAAIeBQIX
+gAAKCRC049SAHEnsXpILAP9Lim+NpTdzo6/0uIRNp9xCcY6jKjUBOSemEvkfZqCH
+RQEA4+ZfdPs2tZ6lBUm3g1xCnc26CCqrDfE+OqOs6k+ccA64MwRh+mPJFgkrBgEE
+AdpHDwEBB0A80PFr8R7U69xomIUlvcc0YqNVkF6lcM3SBf0JNgRWP4j1BBgWCgAm
+FiEE7182epXgv6Y5AthqtOPUgBxJ7F4FAmH6Y8kCGwIFCQHhM4AAgQkQtOPUgBxJ
+7F52IAQZFgoAHRYhBC79cu8hxFgw7HriU6sr2Nry43EiBQJh+mPJAAoJEKsr2Nry
+43Ei4NYA/AsOyJgBZq6MET81FjAa16fZWlACdGxqNMEv2XVtsp7PAQCTNdttTShA
+84S/ZY5znPZQMxGtdDpVnXI+oQm8fkgRD25UAQD/NG/sUL9QZJGq/U0PTfOtS4Qs
+iuCSoOZxOLguNeXrJwEAqRhzx4uk6xcl+BbLPA0+yUzI+sGBUnVRVcksFMSLAAe4
+OARh+mPqEgorBgEEAZdVAQUBAQdAxyoJtLvOVoTnqMPcPCT7+3LnzAvGiU71TDqP
+fVSyeg4DAQgHiH4EGBYKACYWIQTvXzZ6leC/pjkC2Gq049SAHEnsXgUCYfpj6gIb
+DAUJAeEzgAAKCRC049SAHEnsXhiCAP9dySG3PazmDWK0XwM9dzOtGZsMpvj1Fstt
+5Y5vdlJtjAD/ZUyul3Ari507nq7jjOIEX/5CGmCN8yRVFY1xhxBxQwK4MwRh+mQA
+FgkrBgEEAdpHDwEBB0BRYmE4yDB+mMwK01jI0/K+Ioyw3k3UQHpHo0RP1v5yx4h+
+BBgWCgAmFiEE7182epXgv6Y5AthqtOPUgBxJ7F4FAmH6ZAACGyAFCQHhM4AACgkQ
+tOPUgBxJ7F7D/gEA9MN3aL0ZfbEhAw5s9XORLfbwOBBBZM6ycSIj0nFTHkgBAIsA
+gTic9f0ZoRvUu8J3xKsXd3GjxPRU2sKlS680KaQH
+=3Z2A
+-----END PGP PUBLIC KEY BLOCK-----