From 340d839c2c4ff47ce047e63969c43393b7a335dc Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Tue, 12 Sep 2023 11:07:44 +0200 Subject: Always encrypt to default key as well Allow specifying a default key for GnuPG, to which it will encrypt everything. This allows me to still read me sent encrypted mail in aerc. See also: https://lists.sr.ht/~rjarry/aerc-discuss/%3CCUMGQ2JG8G0P.YIQ497JVC3AW%40nixos%3E
---
 tw/home.scm | 29 +++++++++++++++++++++++------ tw/home/cern.scm | 3 ++- tw/home/files/gpg.conf | 25 ------------------------- tw/home/lap.scm | 3 ++- 4 files changed, 27 insertions(+), 33 deletions(-) delete mode 100644 tw/home/files/gpg.conf
diff --git a/tw/home.scm b/tw/home.scm
index e6a39afc..026c41d8 100644
--- a/tw/home.scm
+++ b/tw/home.scm
@@ -49,7 +49,7 @@ zsh-syntax-highlighting zsh-completions)) (export gnupg-services) ; there doesn't seem to be a `define*-public' macro
-(define* (gnupg-services #:key gui-pinentry?)
+(define* (gnupg-services default-key #:key gui-pinentry?)
 (list (simple-service 'gnupg-config home-files-service-type `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config,
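Review bot: `default-key` is now a required positional argument of `gnupg-services`, but nothing documents or checks what it must look like, and in the next hunk it is spliced verbatim into gpg.conf after `default-key` and `encrypt-to`. A value containing whitespace or a newline would change or add option lines in the generated file. A docstring such as `"Return the GnuPG home services. DEFAULT-KEY is the full fingerprint of the key to sign with and to add as a recipient of every encrypted message."` plus a guard like `(unless (string-every char-set:hex-digit default-key) (error "gnupg-services: expected a hex fingerprint" default-key))` would make the contract explicit. The body of `gnupg-services` continues past the end of this hunk.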
@@ -57,7 +57,26 @@ (".local/share/gnupg/dirmngr.conf" ,(plain-file "dirmngr.conf" "keyserver hkps://keys.openpgp.org")) (".local/share/gnupg/gpg.conf"
- ,(local-file "home/files/gpg.conf"))
+ ,(mixed-text-file "gpg.conf" "\
+# This options file can contain any long options to GnuPG.
+# See the gpg man page for a list of options.
+
+default-key " default-key "
+default-recipient-self
+use-agent
+no-greeting # get rid of the copyright notice
+# Always encrypt to my key as well, in addition to any recipient.
+encrypt-to " default-key "
+auto-key-import
+auto-key-retrieve
+photo-viewer \"" imv "/bin/imv %i\"
+
+# Because some mailers change lines starting with 'From ' to '>From '
+# it is good to handle such lines in a special way when creating
+# cleartext signatures; all other PGP versions do it this way too.
+# To enable full OpenPGP compliance you may want to use this option.
+#no-escape-from-lines
+"))
 (".local/share/gnupg/gpg-agent.conf" ,(mixed-text-file "gpg-agent.conf" "\ pinentry-program " (if gui-pinentry?
@@ -435,7 +454,7 @@ show_border=1 ")) (define-public %interactive-services
- (cons*
+ (list
 ;; Configuration files for terminal-only programs in $XDG_CONFIG_HOME. (simple-service 'interactive-terminal-config home-xdg-configuration-files-service-type `(;; All alibuild needs is an empty file.
@@ -590,9 +609,7 @@ show_border=1 (".local/bin/passmenu" ,(local-file "home/files/passmenu" #:recursive? #t)) (".local/bin/volume" ,(local-file "home/files/volume" #:recursive? #t)) (".local/share/applications/emacsclient.desktop"
- ,(local-file "home/files/emacsclient.desktop"))))
-
- (gnupg-services #:gui-pinentry? #t)))
+ ,(local-file "home/files/emacsclient.desktop"))))))
 (define gitconfig-includes (match-lambda
diff --git a/tw/home/cern.scm b/tw/home/cern.scm
index 71da61fa..f0dc7214 100644
--- a/tw/home/cern.scm
+++ b/tw/home/cern.scm
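Review bot: The generated gpg.conf now carries `no-greeting # get rid of the copyright notice` on a single line, whereas the header of the removed tw/home/files/gpg.conf describes only lines whose first non-blank character is `#` as comments. Whether gpg ignores trailing text after an option that takes no argument is not shown on this page, so I would keep the comment on its own line as before: `# Get rid of the copyright notice` followed by `no-greeting`. Since the file is being rewritten anyway, it is also worth confirming that `auto-key-retrieve` is still wanted: the gpg man page notes that fetching keys while verifying signatures lets the keyserver operator see which keys are requested and when, and this configuration is used for mail in aerc. The enclosing `simple-service` form starts before and ends after this hunk.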
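Review bot: `%interactive-services` no longer includes the GnuPG services once `(gnupg-services #:gui-pinentry? #t)` is dropped here (with `cons*` becoming `list` in the hunk at line 454), so every home configuration that appends `%interactive-services` must now call `gnupg-services` itself. The commit updates tw/home/cern.scm and tw/home/lap.scm; any other consumer not touched here would silently stop getting gpg.conf, gpg-agent.conf and dirmngr.conf. A comment above the definition, e.g. `;; GnuPG is configured per host via (gnupg-services KEY ...); it is not part of this list.`, would make that visible. The definition of `%interactive-services` opens in the previous hunk and most of its body lies outside both.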
@@ -132,6 +132,7 @@ (openssh-service #f)
- (append %common-services %interactive-services pim-services)))))
+ (append %common-services %interactive-services pim-services
+ (gnupg-services "C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C" #:gui-pinentry? #t))))))
 %cern-home
diff --git a/tw/home/files/gpg.conf b/tw/home/files/gpg.conf
deleted file mode 100644
index ec688ebb..00000000
--- a/tw/home/files/gpg.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# Options for GnuPG
-#
-# An options file can contain any long options which are available in
-# GnuPG. If the first non white space character of a line is a '#',
-# this line is ignored. Empty lines are also ignored.
-#
-# See the gpg man page for a list of options.
-
-default-key 53EC3C06856883DD92355BC22FC78504681F69B0
-default-recipient-self
-use-agent
-
-photo-viewer "imv %i"
-
-auto-key-import
-auto-key-retrieve
-
-# Because some mailers change lines starting with "From " to ">From "
-# it is good to handle such lines in a special way when creating
-# cleartext signatures; all other PGP versions do it this way too.
-# To enable full OpenPGP compliance you may want to use this option.
-#no-escape-from-lines
-
-# Get rid of the copyright notice
-no-greeting
diff --git a/tw/home/lap.scm b/tw/home/lap.scm
index e0f23c70..c166c75e 100644
--- a/tw/home/lap.scm
+++ b/tw/home/lap.scm
@@ -207,6 +207,7 @@ (openssh-service #t)
- (append pim-services %interactive-services %common-services)))))
+ (append pim-services %interactive-services %common-services
+ (gnupg-services "53EC3C06856883DD92355BC22FC78504681F69B0" #:gui-pinentry? #t))))))
 %lap-home -- cgit v1.2.3
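Review bot: The fingerprint handed to `gnupg-services` is an unnamed 40-character literal inside the `append` call in tw/home/cern.scm, and again in the tw/home/lap.scm hunk with a different value. Binding it to a name with a comment saying which identity it is, e.g. `(define %gpg-default-key "C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C") ; key used on this host`, would make a mistyped or swapped fingerprint easier to spot in review. Because `encrypt-to` now follows this value, mail sent from each host is additionally encrypted only to that host's key, so reading it on the other machine presumably requires that secret key to be available there as well. The enclosing forms in both files begin and end outside the hunks.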