nix-dots/common/gpg/default.nix

{
  config,
  lib,
  pkgs,
  ...
}: {
  services.gpg-agent = lib.mkIf pkgs.stdenv.isLinux {
    enable = true;
    enableScDaemon = true;
    enableExtraSocket = true;
    defaultCacheTtl = 34560000;
    maxCacheTtl = 34560000;
    pinentry.package = pkgs.pinentry.tty;
    enableSshSupport = true;

    extraConfig = ''
      extra-socket /run/user/${toString config.home.uid}/gnupg/S.gpg-agent.extra
    '';
  };

  programs.gpg = {
    enable = true;

    scdaemonSettings = {
      disable-ccid = true;
    };

    # Basically Ripped From Yubikey-Guide
    settings = {
      personal-cipher-preferences = "AES256 AES192 AES";

      personal-digest-preferences = "SHA512 SHA384 SHA256";

      personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";

      default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";

      cert-digest-algo = "SHA512";

      s2k-digest-algo = "SHA512";

      s2k-cipher-algo = "AES256";

      charset = "utf-8";

      no-comments = "";

      no-emit-version = "";

      no-greeting = "";

      keyid-format = "0xlong";

      list-options = "show-uid-validity";

      with-fingerprint = "";

      require-cross-certification = "";

      no-symkey-cache = "";

      armor = "";

      use-agent = "";

      throw-keyids = "";

      default-key = "A972C2063F4F2554";

      trusted-key = "A972C2063F4F2554";
    };

    publicKeys = [
      # Personal Yubikey.
      {
        source = ./pubkey.txt;
        trust = "ultimate";
      }
    ];

    mutableTrust = false;
    mutableKeys = false;
  };
}
Initial Commit 2025-05-16 18:11:06 -05:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}: {`
			`services.gpg-agent = lib.mkIf pkgs.stdenv.isLinux {`
			`enable = true;`
			`enableScDaemon = true;`
			`enableExtraSocket = true;`
			`defaultCacheTtl = 34560000;`
			`maxCacheTtl = 34560000;`
Summer Updates. 2025-08-15 16:38:21 -05:00			`pinentry.package = pkgs.pinentry.tty;`
Initial Commit 2025-05-16 18:11:06 -05:00			`enableSshSupport = true;`

			`extraConfig = ''`
			`extra-socket /run/user/${toString config.home.uid}/gnupg/S.gpg-agent.extra`
			`'';`
			`};`

			`programs.gpg = {`
			`enable = true;`

			`scdaemonSettings = {`
			`disable-ccid = true;`
			`};`

			`# Basically Ripped From Yubikey-Guide`
			`settings = {`
			`personal-cipher-preferences = "AES256 AES192 AES";`

			`personal-digest-preferences = "SHA512 SHA384 SHA256";`

			`personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";`

			`default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";`

			`cert-digest-algo = "SHA512";`

			`s2k-digest-algo = "SHA512";`

			`s2k-cipher-algo = "AES256";`

			`charset = "utf-8";`

			`no-comments = "";`

			`no-emit-version = "";`

			`no-greeting = "";`

			`keyid-format = "0xlong";`

			`list-options = "show-uid-validity";`

			`with-fingerprint = "";`

			`require-cross-certification = "";`

			`no-symkey-cache = "";`

			`armor = "";`

			`use-agent = "";`

			`throw-keyids = "";`

			`default-key = "A972C2063F4F2554";`

			`trusted-key = "A972C2063F4F2554";`
			`};`

			`publicKeys = [`
			`# Personal Yubikey.`
			`{`
			`source = ./pubkey.txt;`
			`trust = "ultimate";`
			`}`
			`];`

			`mutableTrust = false;`
			`mutableKeys = false;`
			`};`
			`}`