mirror of
https://codeberg.org/leana8959/.files.git
synced 2026-02-01 14:39:39 +00:00
59 lines
1.6 KiB
Nix
59 lines
1.6 KiB
Nix
{ pkgs, ... }:
|
|
{
|
|
services = {
|
|
gpg-agent.defaultCacheTtl = 1209600;
|
|
gpg-agent.pinentry.package = pkgs.pinentry-tty;
|
|
};
|
|
|
|
# Fun video btw
|
|
# https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
|
|
programs.gpg.publicKeys =
|
|
let
|
|
fromUrl =
|
|
{
|
|
url,
|
|
hash,
|
|
# https://security.stackexchange.com/a/69089
|
|
# One lower than ultimate (introducer in the web of trust) is good enough.
|
|
trust ? 4,
|
|
}:
|
|
{
|
|
source = pkgs.fetchurl { inherit url hash; };
|
|
inherit trust;
|
|
};
|
|
|
|
github =
|
|
{ user, ... }@args:
|
|
fromUrl (builtins.removeAttrs args [ "user" ] // { url = "https://github.com/${user}.gpg"; });
|
|
in
|
|
map github [
|
|
# Do not depend on my own forgejo instance / self-host server to avoid a single point of failure
|
|
{
|
|
user = "leana8959";
|
|
hash = "sha256-Y+v/8bLkyUIe4vjToChQP3ChPxRV/DqI72OTsx6F0oo=";
|
|
trust = 5;
|
|
}
|
|
{
|
|
user = "vanilla-extracts";
|
|
hash = "sha256-6JulBVFmbOHAI7tHiS0Q7L5oQVOXtkUmOLz3+Yz27ec=";
|
|
}
|
|
{
|
|
user = "jappeace";
|
|
hash = "sha256-wJ4hiE7M7dcEMaE8waNZEi+tybpVIsFzoeDJhIIaLhk=";
|
|
}
|
|
{
|
|
user = "confusedkernel";
|
|
hash = "sha256-9DdtDAcv+2Z0jJMSLAXbp5ne8uHYj5V/lNGi0kKSdv4=";
|
|
}
|
|
{
|
|
user = "gautaz";
|
|
hash = "sha256-j0I9l8uKfzKNrc2qveFi5mkRppxL36+BUEqvFPs6vqA=";
|
|
}
|
|
]
|
|
++ map fromUrl [
|
|
{
|
|
url = "https://eragon.re/pubkey.asc";
|
|
hash = "sha256-xvNB+BxqxHqdVBnMhzX3eenN3KmjmdATFPHkPUGweAA=";
|
|
}
|
|
];
|
|
}
|