gpg: add dirmngrSettings and gpgsmSettings options

2026-01-12 01:59:37 +08:00 · 2024-11-02 00:00:00 +07:00
parent 47e195783e
commit 9d1c71f390
6 changed files with 98 additions and 18 deletions
--- a/modules/programs/gpg.nix
+++ b/modules/programs/gpg.nix
@@ -16,18 +16,13 @@ let

  cfg = config.programs.gpg;

-  mkKeyValue =
-    key: value: if lib.isString value then "${key} ${value}" else lib.optionalString value key;
-
-  cfgText = lib.generators.toKeyValue {
-    inherit mkKeyValue;
-    listsAsDuplicateKeys = true;
-  } cfg.settings;
-
-  scdaemonCfgText = lib.generators.toKeyValue {
-    inherit mkKeyValue;
-    listsAsDuplicateKeys = true;
-  } cfg.scdaemonSettings;
+  toKeyValue =
+    settings:
+    lib.generators.toKeyValue {
+      mkKeyValue =
+        key: value: if lib.isString value then "${key} ${value}" else lib.optionalString value key;
+      listsAsDuplicateKeys = true;
+    } settings;

  primitiveType = types.oneOf [
    types.str
@@ -193,6 +188,7 @@ in

    scdaemonSettings = mkOption {
      type = types.attrsOf (types.either primitiveType (types.listOf types.str));
+      default = { };
      example = literalExpression ''
        {
          disable-ccid = true;
@@ -207,6 +203,41 @@ in
      '';
    };

+    dirmngrSettings = mkOption {
+      type = types.attrsOf (types.either primitiveType (types.listOf types.str));
+      default = { };
+      example = literalExpression ''
+        {
+          allow-version-check = true;
+          keyserver = "ldaps://ldap.example.com";
+        }
+      '';
+      description = ''
+        Dirmngr configuration options. Available options are described
+        in
+        [
+          {manpage}`dirmngr(1)`
+        ](https://www.gnupg.org/documentation/manuals/gnupg/Dirmngr-Options.html)
+      '';
+    };
+
+    gpgsmSettings = mkOption {
+      type = types.attrsOf (types.either primitiveType (types.listOf types.str));
+      default = { };
+      example = literalExpression ''
+        {
+          with-key-data = true;
+        }
+      '';
+      description = ''
+        GPGSM configuration options. Available options are described
+        in
+        [
+          {manpage}`gpgsm(1)`
+        ](https://www.gnupg.org/documentation/manuals/gnupg/GPGSM-Options.html)
+      '';
+    };
+
    homedir = mkOption {
      type = types.path;
      example = literalExpression ''"''${config.xdg.dataHome}/gnupg"'';
@@ -278,18 +309,26 @@ in
      no-symkey-cache = mkDefault true;
    };

-    programs.gpg.scdaemonSettings = {
-      # no defaults for scdaemon
-    };
-
    home.packages = [ cfg.package ];
    home.sessionVariables = {
      GNUPGHOME = cfg.homedir;
    };

-    home.file."${cfg.homedir}/gpg.conf".text = cfgText;
+    home.file."${cfg.homedir}/gpg.conf" = mkIf (cfg.settings != { }) {
+      text = toKeyValue cfg.settings;
+    };

-    home.file."${cfg.homedir}/scdaemon.conf".text = scdaemonCfgText;
+    home.file."${cfg.homedir}/scdaemon.conf" = mkIf (cfg.scdaemonSettings != { }) {
+      text = toKeyValue cfg.scdaemonSettings;
+    };
+
+    home.file."${cfg.homedir}/dirmngr.conf" = mkIf (cfg.dirmngrSettings != { }) {
+      text = toKeyValue cfg.dirmngrSettings;
+    };
+
+    home.file."${cfg.homedir}/gpgsm.conf" = mkIf (cfg.gpgsmSettings != { }) {
+      text = toKeyValue cfg.gpgsmSettings;
+    };

    # Link keyring if keys are not mutable
    home.file."${cfg.homedir}/pubring.kbx" = mkIf (!cfg.mutableKeys && cfg.publicKeys != [ ]) {
--- a/tests/modules/programs/gpg/default.nix
+++ b/tests/modules/programs/gpg/default.nix
@@ -3,4 +3,5 @@
  gpg-mutable-keyfiles = ./mutable-keyfiles.nix;
  gpg-multiple-keys-trust = ./multiple-keys-trust.nix;
  gpg-override-defaults = ./override-defaults.nix;
+  gpg-other-settings = ./other-settings.nix;
 }
--- a/tests/modules/programs/gpg/other-dirmngr.conf
+++ b/tests/modules/programs/gpg/other-dirmngr.conf
@@ -0,0 +1,2 @@
+keyserver ldaps://ldap.example.com
+use-tor
--- a/tests/modules/programs/gpg/other-gpgsm.conf
+++ b/tests/modules/programs/gpg/other-gpgsm.conf
@@ -0,0 +1,3 @@
+cipher-algo AES256
+validation-model steed
+with-md5-fingerprint
--- a/tests/modules/programs/gpg/other-scdaemon.conf
+++ b/tests/modules/programs/gpg/other-scdaemon.conf
@@ -0,0 +1,3 @@
+application-priority openpgp p15 sc-hsm nks geldkarte dinsig
+disable-ccid
+reader-port 32769
--- a/tests/modules/programs/gpg/other-settings.nix
+++ b/tests/modules/programs/gpg/other-settings.nix
@@ -0,0 +1,32 @@
+{
+  programs.gpg = {
+    enable = true;
+
+    scdaemonSettings = {
+      disable-ccid = true;
+      reader-port = "32769";
+      application-priority = "openpgp p15 sc-hsm nks geldkarte dinsig";
+    };
+
+    dirmngrSettings = {
+      use-tor = true;
+      keyserver = "ldaps://ldap.example.com";
+    };
+
+    gpgsmSettings = {
+      cipher-algo = "AES256";
+      with-md5-fingerprint = true;
+      validation-model = "steed";
+    };
+  };
+
+  nmt.script = ''
+    assertFileExists home-files/.gnupg/scdaemon.conf
+    assertFileExists home-files/.gnupg/dirmngr.conf
+    assertFileExists home-files/.gnupg/gpgsm.conf
+
+    assertFileContent home-files/.gnupg/scdaemon.conf ${./other-scdaemon.conf}
+    assertFileContent home-files/.gnupg/dirmngr.conf ${./other-dirmngr.conf}
+    assertFileContent home-files/.gnupg/gpgsm.conf ${./other-gpgsm.conf}
+  '';
+}