complete-computing-environment/gnupg_configuration.org

:PROPERTIES:
:ID:       cce/gnupg_configuration
:ROAM_ALIASES: "GPG Configuration"
:END:
#+TITLE: GnuPG Configuration
#+filetags: :CCE:Emacs:System:
#+ARCOLOGY_KEY: cce/gnupg
#+ARROYO_MODULE_WANTS: cce/configure_packaging.org

#+PROPERTY: header-args            :mkdirp yes :results none
#+PROPERTY: header-args:emacs-lisp :tangle gnupg.el
#+PROPERTY: header-args:yaml       :tangle roles/endpoint/tasks/gnupg.yml

#+ARROYO_EMACS_MODULE: gnupg
#+CCE_PREDICATE: (cce/using-linux)
#+CCE_PRIORITY: 30
#+ARROYO_HOME_MODULE: hm/gnupg.nix
#+ARCOLOGY_ALLOW_CRAWL: t

I use =gpg2= everywhere, including in Emacs.

#+BEGIN_SRC emacs-lisp
(provide 'cce/gnupg)
(setq epg-gpg-program "gpg2")
#+END_SRC

* nix

This is for [[id:cce/home-manager][home-manager]]:

#+begin_src nix :tangle ~/arroyo-nix/hm/gnupg.nix
{ pkgs, ... }:

{
  programs.gpg.enable = true;
  programs.gpg.settings = {
    # default-key = "a5fce951";
    cert-policy-url = "http://whatthefuck.computer/new-key.txt";
    auto-key-locate = "keyserver cert pka";
    keyserver = "hkp://pool.sks-keyservers.net";
    keyid-format = "0xlong";
  };
  
  services.gpg-agent.enable = true;
  services.gpg-agent.enableScDaemon = true;
  services.gpg-agent.enableSshSupport = true;
  services.gpg-agent.defaultCacheTtl = 43200;
  
  services.gpg-agent.pinentryFlavor = "qt";
}
#+end_src

This is for PAM in [[id:cce/my_nixos_configuration][My NixOS configuration]]:

#+ARROYO_NIXOS_MODULE: nixos/gnupg-pam.nix
#+ARROYO_SYSTEM_EXCLUDE: waterboy
#+begin_src nix :tangle ~/arroyo-nix/nixos/gnupg-pam.nix
{ pkgs, ... }:

{
  environment.systemPackages = [ pkgs.gnupg ];
  security.pam.services.login.gnupg.enable = true;
}
#+end_src