Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

programs.gpg.enable

Whether to enable GnuPG.

Type: boolean

Default:

false

Example:

true

Declared by:

programs.gpg.package

The gnupg package to use. Also used by the gpg-agent service.

Type: package

Default:

pkgs.gnupg

Example:

pkgs.gnupg23

Declared by:

programs.gpg.dirmngrSettings

Dirmngr configuration options. Available options are described in dirmngr(1)

Type: attribute set of (string or boolean or list of string)

Default:

{ }

Example:

{
  allow-version-check = true;
  keyserver = "ldaps://ldap.example.com";
}

Declared by:

programs.gpg.gpgsmSettings

GPGSM configuration options. Available options are described in gpgsm(1)

Type: attribute set of (string or boolean or list of string)

Default:

{ }

Example:

{
  with-key-data = true;
}

Declared by:

programs.gpg.homedir

Directory to store keychains and configuration.

Type: absolute path

Default:

"${config.home.homeDirectory}/.gnupg"

Example:

"${config.xdg.dataHome}/gnupg"

Declared by:

programs.gpg.mutableKeys

If set to true, you may manage your keyring as a user using the gpg command. Upon activation, the keyring will have managed keys added without overwriting unmanaged keys.

If set to false, the path $GNUPGHOME/pubring.kbx will become an immutable link to the Nix store, denying modifications.

Type: boolean

Default:

true

Declared by:

programs.gpg.mutableTrust

If set to true, you may manage trust as a user using the gpg command. Upon activation, trusted keys have their trust set without overwriting unmanaged keys.

If set to false, the path $GNUPGHOME/trustdb.gpg will be overwritten on each activation, removing trust for any unmanaged keys. Be careful to make a backup of your old trustdb.gpg before switching to immutable trust!

Type: boolean

Default:

true

Declared by:

programs.gpg.publicKeys

A list of public keys to be imported into GnuPG. Note, these key files will be copied into the world-readable Nix store.

Type: list of (submodule)

Default:

[ ]

Example:

[ { source = ./pubkeys.txt; } ]

Declared by:

programs.gpg.publicKeys.*.source

Path of an OpenPGP public key file.

Type: absolute path

Declared by:

programs.gpg.publicKeys.*.text

Text of an OpenPGP public key.

Type: null or string

Default:

null

Declared by:

programs.gpg.publicKeys.*.trust

The amount of trust you have in the key ownership and the care the owner puts into signing other keys. The available levels are

  • unknown or 1

    I don’t know or won’t say.

  • never or 2

    I do not trust.

  • marginal or 3

    I trust marginally.

  • full or 4

    I trust fully.

  • ultimate or 5

    I trust ultimately.

See the Key Management chapter of the GNU Privacy Handbook for more.

Type: null or one of “unknown”, 1, “never”, 2, “marginal”, 3, “full”, 4, “ultimate”, 5

Default:

null

Declared by:

programs.gpg.scdaemonSettings

SCdaemon configuration options. Available options are described in scdaemon(1) .

Type: attribute set of (string or boolean or list of string)

Default:

{ }

Example:

{
  disable-ccid = true;
}

Declared by:

programs.gpg.settings

GnuPG configuration options. Available options are described in gpg(1) .

Note that lists are converted to duplicate keys.

Type: attribute set of (string or boolean or list of string)

Default:

{ }

Example:

{
  no-comments = false;
  s2k-cipher-algo = "AES128";
}

Declared by: