Merge 9ac79efebd into 693840c01b

2025-03-31 04:04:32 +00:00 · 2025-03-26 08:00:28 -07:00 · 2025-03-26 08:00:28 -07:00 · bf0def8980
commit bf0def8980
parent 693840c01b 9ac79efebd
2 changed files with 59 additions and 6 deletions
--- a/modules/programs/gpg.nix
+++ b/modules/programs/gpg.nix
@ -18,6 +18,16 @@ let
    listsAsDuplicateKeys = true;
  } cfg.scdaemonSettings;

+  dirmngrCfgText = generators.toKeyValue {
+    inherit mkKeyValue;
+    listsAsDuplicateKeys = true;
+  } cfg.dirmngrSettings;
+
+  gpgsmCfgText = generators.toKeyValue {
+    inherit mkKeyValue;
+    listsAsDuplicateKeys = true;
+  } cfg.gpgsmSettings;
+
  primitiveType = types.oneOf [ types.str types.bool ];

  publicKeyOpts = { config, ... }: {
@ -187,6 +197,41 @@ in {
      '';
    };

+    dirmngrSettings = mkOption {
+      type =
+        types.attrsOf (types.either primitiveType (types.listOf types.str));
+      example = literalExpression ''
+        {
+          allow-version-check = true;
+          keyserver = "ldaps://ldap.example.com";
+        }
+      '';
+      description = ''
+        Dirmngr configuration options. Available options are described
+        in
+        [
+          {manpage}`dirmngr(1)`
+        ](https://www.gnupg.org/documentation/manuals/gnupg/Dirmngr-Options.html)
+      '';
+    };
+
+    gpgsmSettings = mkOption {
+      type =
+        types.attrsOf (types.either primitiveType (types.listOf types.str));
+      example = literalExpression ''
+        {
+          with-key-data = true;
+        }
+      '';
+      description = ''
+        GPGSM configuration options. Available options are described
+        in
+        [
+          {manpage}`gpgsm(1)`
+        ](https://www.gnupg.org/documentation/manuals/gnupg/GPGSM-Options.html)
+      '';
+    };
+
    homedir = mkOption {
      type = types.path;
      example = literalExpression ''"''${config.xdg.dataHome}/gnupg"'';
@ -249,8 +294,7 @@ in {
      cert-digest-algo = mkDefault "SHA512";
      s2k-digest-algo = mkDefault "SHA512";
      s2k-cipher-algo = mkDefault "AES256";
-      charset = mkDefault "utf-8";
-      fixed-list-mode = mkDefault true;
+      display-charset = mkDefault "utf-8";
      no-comments = mkDefault true;
      no-emit-version = mkDefault true;
      keyid-format = mkDefault "0xlong";
@ -259,13 +303,20 @@ in {
      with-fingerprint = mkDefault true;
      require-cross-certification = mkDefault true;
      no-symkey-cache = mkDefault true;
-      use-agent = mkDefault true;
    };

    programs.gpg.scdaemonSettings = {
      # no defaults for scdaemon
    };

+    programs.gpg.dirmngrSettings = {
+      # no defaults for dirmngr
+    };
+
+    programs.gpg.gpgsmSettings = {
+      # no defaults for gpgsm
+    };
+
    home.packages = [ cfg.package ];
    home.sessionVariables = { GNUPGHOME = cfg.homedir; };

@ -273,6 +324,10 @@ in {

    home.file."${cfg.homedir}/scdaemon.conf".text = scdaemonCfgText;

+    home.file."${cfg.homedir}/dirmngr.conf".text = dirmngrCfgText;
+
+    home.file."${cfg.homedir}/gpgsm.conf".text = gpgsmCfgText;
+
    # Link keyring if keys are not mutable
    home.file."${cfg.homedir}/pubring.kbx" =
      mkIf (!cfg.mutableKeys && cfg.publicKeys != [ ]) {
--- a/tests/modules/programs/gpg/override-defaults-expected.conf
+++ b/tests/modules/programs/gpg/override-defaults-expected.conf
@ -1,7 +1,6 @@
 cert-digest-algo SHA512
-charset utf-8
 default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
-fixed-list-mode
+display-charset utf-8
 keyid-format 0xlong
 list-options show-uid-validity

@ -16,6 +15,5 @@ s2k-digest-algo SHA512
 throw-keyids
 trusted-key 0xXXXXXXXXXXXXX
 trusted-key 0xYYYYYYYYYYYYY
-use-agent
 verify-options show-uid-validity
 with-fingerprint