programs.gpg.enable
Whether to enable GnuPG.
Type: boolean
Default:
false
Example:
true
Declared by:
programs.gpg.package
The gnupg package to use. Also used by the gpg-agent service.
Type: package
Default:
pkgs.gnupg
Example:
pkgs.gnupg23
Declared by:
programs.gpg.dirmngrSettings
Dirmngr configuration options. Available options are described
in
dirmngr(1)
Type: attribute set of (string or boolean or list of string)
Default:
{ }
Example:
{
allow-version-check = true;
keyserver = "ldaps://ldap.example.com";
}
Declared by:
programs.gpg.gpgsmSettings
GPGSM configuration options. Available options are described
in
gpgsm(1)
Type: attribute set of (string or boolean or list of string)
Default:
{ }
Example:
{
with-key-data = true;
}
Declared by:
programs.gpg.homedir
Directory to store keychains and configuration.
Type: absolute path
Default:
"${config.home.homeDirectory}/.gnupg"
Example:
"${config.xdg.dataHome}/gnupg"
Declared by:
programs.gpg.mutableKeys
If set to true, you may manage your keyring as a user
using the gpg command. Upon activation, the keyring
will have managed keys added without overwriting unmanaged keys.
If set to false, the path
$GNUPGHOME/pubring.kbx will become an immutable
link to the Nix store, denying modifications.
Type: boolean
Default:
true
Declared by:
programs.gpg.mutableTrust
If set to true, you may manage trust as a user using
the gpg command. Upon activation, trusted keys have
their trust set without overwriting unmanaged keys.
If set to false, the path
$GNUPGHOME/trustdb.gpg will be
overwritten on each activation, removing trust for
any unmanaged keys. Be careful to make a backup of your old
trustdb.gpg before switching to immutable trust!
Type: boolean
Default:
true
Declared by:
programs.gpg.publicKeys
A list of public keys to be imported into GnuPG. Note, these key files will be copied into the world-readable Nix store.
Type: list of (submodule)
Default:
[ ]
Example:
[ { source = ./pubkeys.txt; } ]
Declared by:
programs.gpg.publicKeys.*.source
Path of an OpenPGP public key file.
Type: absolute path
Declared by:
programs.gpg.publicKeys.*.text
Text of an OpenPGP public key.
Type: null or string
Default:
null
Declared by:
programs.gpg.publicKeys.*.trust
The amount of trust you have in the key ownership and the care the owner puts into signing other keys. The available levels are
-
unknownor1I don’t know or won’t say.
-
neveror2I do not trust.
-
marginalor3I trust marginally.
-
fullor4I trust fully.
-
ultimateor5I trust ultimately.
See the Key Management chapter of the GNU Privacy Handbook for more.
Type: null or one of “unknown”, 1, “never”, 2, “marginal”, 3, “full”, 4, “ultimate”, 5
Default:
null
Declared by:
programs.gpg.scdaemonSettings
SCdaemon configuration options. Available options are described
in
scdaemon(1)
.
Type: attribute set of (string or boolean or list of string)
Default:
{ }
Example:
{
disable-ccid = true;
}
Declared by:
programs.gpg.settings
GnuPG configuration options. Available options are described
in
gpg(1)
.
Note that lists are converted to duplicate keys.
Type: attribute set of (string or boolean or list of string)
Default:
{ }
Example:
{
no-comments = false;
s2k-cipher-algo = "AES128";
}
Declared by: