Diffstat (limited to 'config/gnupg')
-rw-r--r--config/gnupg/default.nix5
-rw-r--r--config/gnupg/dirmngr.conf1
-rw-r--r--config/gnupg/gpg-agent.conf.nix9
-rw-r--r--config/gnupg/gpg.conf2
-rw-r--r--config/gnupg/module.nix23
5 files changed, 40 insertions, 0 deletions
diff --git a/config/gnupg/default.nix b/config/gnupg/default.nix
new file mode 100644
index 000000000000..a5a7b9b309c6
--- /dev/null
+++ b/config/gnupg/default.nix
@@ -0,0 +1,5 @@
+{ configTools, gnupg }:
+
+configTools.setEnv gnupg "gpg" {
+  GNUPGHOME = "$HOME/state/gnupg";
+}
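Review bot: Only the `gpg` binary appears to get `GNUPGHOME` here, going by the `"gpg"` argument to `configTools.setEnv`, so `gpgconf`, `gpg-connect-agent` or a directly started `gpg-agent` from the same package would presumably still fall back to `~/.gnupg`. That can leave a second, unconfigured home directory (and a second agent) in use without the user noticing. If `setEnv` accepts more than one program name, wrap the other binaries as well; otherwise a comment such as `# only gpg is wrapped; other gnupg tools need --homedir or GNUPGHOME set by hand` would record the limitation. The value also relies on `$HOME` being expanded at run time rather than at evaluation time, which depends on how `setEnv` quotes it; that helper is not visible in this diff.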
diff --git a/config/gnupg/dirmngr.conf b/config/gnupg/dirmngr.conf
new file mode 100644
index 000000000000..9b7105671236
--- /dev/null
+++ b/config/gnupg/dirmngr.conf
@@ -0,0 +1 @@
+keyserver hkps://keyserver.ubuntu.com
diff --git a/config/gnupg/gpg-agent.conf.nix b/config/gnupg/gpg-agent.conf.nix
new file mode 100644
index 000000000000..36b2f196bfa4
--- /dev/null
+++ b/config/gnupg/gpg-agent.conf.nix
@@ -0,0 +1,9 @@
+{ stdenv, lib, pinentry_mac }:
+
+''
+${lib.optionalString stdenv.isDarwin ''
+  pinentry-program ${lib.concatStringsSep "/"
+    [ pinentry_mac "Applications" "pinentry-mac.app" "Contents" "MacOS"
+      "pinentry-mac" ]}
+''}
+''
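Review bot: The pinentry path is assembled with `lib.concatStringsSep "/"` over a list of literal segments, which is harder to read than plain interpolation; `pinentry-program ${pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac` should yield the same string. On non-Darwin systems the generated file is effectively empty, so gpg-agent uses whatever default pinentry it was built with. A one-line comment saying that this is intended would help the next reader.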
diff --git a/config/gnupg/gpg.conf b/config/gnupg/gpg.conf
new file mode 100644
index 000000000000..ec69a24559bb
--- /dev/null
+++ b/config/gnupg/gpg.conf
@@ -0,0 +1,2 @@
+auto-key-retrieve
+ask-cert-level
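Review bot: `auto-key-retrieve` makes gpg go to the network whenever it verifies a signature from a key that is not in the local keyring, which together with the `keyserver hkps://keyserver.ubuntu.com` line in dirmngr.conf tells the keyserver operator which key was requested, from which address, and when. The gpg manual describes this as web-bug-like behaviour, since a message signed with a fresh key reveals when the recipient verified it. A key fetched this way is only present in the keyring, not validated, so the option does not replace checking fingerprints. If the convenience is wanted, record the trade-off with a comment above the option, e.g. `# fetches unknown signing keys on verify; reveals time and IP to the keyserver`; otherwise drop the line and fetch keys explicitly.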
diff --git a/config/gnupg/module.nix b/config/gnupg/module.nix
new file mode 100644
index 000000000000..d134443df70f
--- /dev/null
+++ b/config/gnupg/module.nix
@@ -0,0 +1,23 @@
+{ pkgs, lib, ... }:
+
+let
+  inherit (pkgs) callPackage writeText;
+  inherit (lib) concatStringsSep mapAttrsToList;
+
+  configs = {
+    "gpg.conf" = ./gpg.conf;
+    "gpg-agent.conf" = writeText "gpg-agent.conf"
+                         (callPackage ./gpg-agent.conf.nix {});
+    "dirmngr.conf" = ./dirmngr.conf;
+  };
+
+in
+  {
+    home.qyliss.dirs."state/gnupg".activationScripts.config = ''
+      ${concatStringsSep "\n" (mapAttrsToList (name: path: ''
+        ln -sf ${path} ${name}
+      '') configs)}
+    '';
+
+    environment.systemPackages = with pkgs.pkgsConfigured; [ gnupg ];
+  }
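Review bot: Nothing visible in the activation script sets the mode of `state/gnupg`, which will later hold private keys, and gpg warns about unsafe permissions unless its home directory is accessible only by the owner. Unless `home.qyliss.dirs` already creates the directory with mode 0700 (that module is not shown here), add `chmod 700 .` before the `ln` lines. The script also assumes it runs with the target directory as its working directory, and `ln -sf ${path} ${name}` would be safer as `ln -sfn ${path} ${name}` so that an existing directory of that name is replaced rather than descended into. Since the three files are symlinks into the world-readable Nix store, a comment on `configs` saying that no secrets may be placed in them would be worth adding.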