feat: use gpg only for pass & ssh, make public keys & trust immutable

Ryan Yin
2024-01-27 17:14:14 +08:00
parent a0e00c5453
commit 90cd503219


@@ -10,13 +10,13 @@
# #
# If set `mutableTrust` to false, the path $GNUPGHOME/trustdb.gpg will be overwritten on each activation. # If set `mutableTrust` to false, the path $GNUPGHOME/trustdb.gpg will be overwritten on each activation.
# Thus we can only update trsutedb.gpg via home-manager. # Thus we can only update trsutedb.gpg via home-manager.
mutableTrust = true; mutableTrust = false;
# $GNUPGHOME/pubring.kbx stores all the public keys you specified in `programs.gpg.publicKeys` option. # $GNUPGHOME/pubring.kbx stores all the public keys you specified in `programs.gpg.publicKeys` option.
# #
# If set `mutableKeys` to false, the path $GNUPGHOME/pubring.kbx will become an immutable link to the Nix store, denying modifications. # If set `mutableKeys` to false, the path $GNUPGHOME/pubring.kbx will become an immutable link to the Nix store, denying modifications.
# Thus we can only update pubring.kbx via home-manager # Thus we can only update pubring.kbx via home-manager
mutableKeys = true; mutableKeys = false;
publicKeys = [ publicKeys = [
# https://www.gnupg.org/gph/en/manual/x334.html # https://www.gnupg.org/gph/en/manual/x334.html
# { # {