From 90cd503219b029ff2267522739f08ae9fbc9f62f Mon Sep 17 00:00:00 2001
From: Ryan Yin
Date: Sat, 27 Jan 2024 17:14:14 +0800
Subject: [PATCH] feat: use gpg only for pass & ssh, make public keys & trust immutable
---
 home/base/desktop/gpg/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/home/base/desktop/gpg/default.nix b/home/base/desktop/gpg/default.nix
index a4b11c15..4ab8b50c 100644
--- a/home/base/desktop/gpg/default.nix
+++ b/home/base/desktop/gpg/default.nix
@@ -10,13 +10,13 @@
 #
 # If set `mutableTrust` to false, the path $GNUPGHOME/trustdb.gpg will be overwritten on each activation.
 # Thus we can only update trsutedb.gpg via home-manager.
- mutableTrust = true;
+ mutableTrust = false;
 # $GNUPGHOME/pubring.kbx stores all the public keys you specified in `programs.gpg.publicKeys` option.
 #
 # If set `mutableKeys` to false, the path $GNUPGHOME/pubring.kbx will become an immutable link to the Nix store, denying modifications.
 # Thus we can only update pubring.kbx via home-manager
- mutableKeys = true;
+ mutableKeys = false;
 publicKeys = [
 # https://www.gnupg.org/gph/en/manual/x334.html
 # {
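Review bot: The comments above `mutableTrust = false;` and `mutableKeys = false;` describe two different guarantees, although the commit title calls both "immutable". By the comment's own wording trustdb.gpg is only overwritten on each activation, so a manual trust change in between is presumably accepted and then silently reverted, whereas pubring.kbx becomes a read-only store link. I would say so on the `mutableTrust` comment, e.g. `# Not read-only: manual trust edits succeed but are reset at the next activation.` With the keyring read-only, refreshed revocation or expiry data for the declared keys cannot be merged locally either, which deserves a line such as `# Revocation/expiry updates must be re-exported into publicKeys and re-activated.` The `publicKeys` list continues outside the hunk, so whether every key that pass and ssh rely on is declared there cannot be checked here; the context comment also misspells `trustdb.gpg` as `trsutedb.gpg`.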