nix-config/home/gpg/macos.nix


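# Home-manager module: GnuPG on macOS with gpg-agent doubling as the SSH agent
# and a YubiKey reached through scdaemon. It writes three files under
# ~/.gnupg (gpg-agent.conf, gpg.conf, scdaemon.conf).
#
# NOTE(review): nothing here sets the mode of ~/.gnupg itself. gpg warns about
# an unsafe homedir unless it is private to the user (0700); confirm that is
# handled elsewhere.
{ config, pkgs, ... }:
let
  # Absolute store path of the passphrase/PIN prompt. Pinning it means the
  # agent never resolves "pinentry" through PATH, so a binary shadowing that
  # name cannot be picked up as the prompt.
  pinentry =
    "${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac";
in {
  home.packages = [ pkgs.gnupg pkgs.pinentry_mac ];

  # gpg-agent: short passphrase cache (60 s idle, 120 s hard limit).
  #
  # With enable-ssh-support the agent keeps a separate cache policy for SSH
  # keys (default-cache-ttl-ssh / max-cache-ttl-ssh, upstream defaults
  # 1800 s / 7200 s). Without the two -ssh lines the 60/120 limits above
  # would not apply to SSH use, so they are set explicitly to match.
  #
  # These timers cover the agent's own cache. A PIN already verified by a
  # smartcard is held by the card and is not expired by them.
  #
  # NOTE(review): "display :0" is an X11 hint; presumably unused by
  # pinentry-mac. The log directory must already exist. Confirm it is
  # provisioned and not readable by other users.
  home.file.".gnupg/gpg-agent.conf".text = ''
    enable-ssh-support
    default-cache-ttl 60
    max-cache-ttl 120
    default-cache-ttl-ssh 60
    max-cache-ttl-ssh 120
    display :0
    pinentry-program ${pinentry}
    log-file ${config.home.homeDirectory}/.local/var/log/gpg-agent.log
  '';

  # gpg: hardened defaults.
  #  - personal-* / default-preference-list: prefer AES-256 and SHA-512. The
  #    personal-* lists only rank what we pick among algorithms the recipient
  #    also accepts; default-preference-list is what new keys advertise.
  #  - cert-digest-algo / s2k-*: SHA-512 for key certifications, SHA-512 and
  #    AES-256 for passphrase-protected (symmetric) material.
  #  - no-comments / no-emit-version: keep client metadata out of output.
  #  - keyid-format 0xlong + with-fingerprint: avoid short key IDs, which are
  #    easy to collide; compare full fingerprints when verifying.
  #  - require-cross-certification: reject signatures from signing subkeys
  #    that lack a back-signature from the subkey itself.
  #  - use-agent: accepted for compatibility; GnuPG 2.x always uses the agent.
  home.file.".gnupg/gpg.conf".text = ''
    personal-cipher-preferences AES256 AES192 AES
    personal-digest-preferences SHA512 SHA384 SHA256
    personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
    default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
    cert-digest-algo SHA512
    s2k-digest-algo SHA512
    s2k-cipher-algo AES256
    charset utf-8
    fixed-list-mode
    no-comments
    no-emit-version
    keyid-format 0xlong
    list-options show-uid-validity
    verify-options show-uid-validity
    with-fingerprint
    require-cross-certification
    use-agent
  '';

  # scdaemon: disable the built-in CCID driver so the card is reached through
  # the system PC/SC service, and select the reader by name.
  #
  # NOTE(review): the reader-port string has to match the PC/SC reader name.
  # That name reflects the YubiKey's enabled interfaces (OTP+FIDO+CCID here),
  # so changing them on the token will presumably stop this from matching.
  # Verify against the reader list on the target machine.
  home.file.".gnupg/scdaemon.conf".text = ''
    disable-ccid
    reader-port "Yubico YubiKey OTP+FIDO+CCID"
  '';
}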