From 340d839c2c4ff47ce047e63969c43393b7a335dc Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Tue, 12 Sep 2023 11:07:44 +0200
Subject: Always encrypt to default key as well

Allow specifying a default key for GnuPG, to which it will encrypt
everything. This allows me to still read me sent encrypted mail in aerc.

See also:
https://lists.sr.ht/~rjarry/aerc-discuss/%3CCUMGQ2JG8G0P.YIQ497JVC3AW%40nixos%3E
---
 tw/home.scm | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

(limited to 'tw/home.scm')

diff --git a/tw/home.scm b/tw/home.scm
index e6a39afc..026c41d8 100644
--- a/tw/home.scm
+++ b/tw/home.scm
@@ -49,7 +49,7 @@
    zsh-syntax-highlighting zsh-completions))
 
 (export gnupg-services)   ; there doesn't seem to be a `define*-public' macro
-(define* (gnupg-services #:key gui-pinentry?)
+(define* (gnupg-services default-key #:key gui-pinentry?)
   (list
    (simple-service 'gnupg-config home-files-service-type
      `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config,
@@ -57,7 +57,26 @@
        (".local/share/gnupg/dirmngr.conf"
         ,(plain-file "dirmngr.conf" "keyserver hkps://keys.openpgp.org"))
        (".local/share/gnupg/gpg.conf"
-        ,(local-file "home/files/gpg.conf"))
+        ,(mixed-text-file "gpg.conf" "\
+# This options file can contain any long options to GnuPG.
+# See the gpg man page for a list of options.
+
+default-key " default-key "
+default-recipient-self
+use-agent
+no-greeting   # get rid of the copyright notice
+# Always encrypt to my key as well, in addition to any recipient.
+encrypt-to " default-key "
+auto-key-import
+auto-key-retrieve
+photo-viewer \"" imv "/bin/imv %i\"
+
+# Because some mailers change lines starting with 'From ' to '>From '
+# it is good to handle such lines in a special way when creating
+# cleartext signatures; all other PGP versions do it this way too.
+# To enable full OpenPGP compliance you may want to use this option.
+#no-escape-from-lines
+"))
        (".local/share/gnupg/gpg-agent.conf"
         ,(mixed-text-file "gpg-agent.conf" "\
 pinentry-program " (if gui-pinentry?
@@ -435,7 +454,7 @@ show_border=1
 "))
 
 (define-public %interactive-services
-  (cons*
+  (list
    ;; Configuration files for terminal-only programs in $XDG_CONFIG_HOME.
    (simple-service 'interactive-terminal-config home-xdg-configuration-files-service-type
      `(;; All alibuild needs is an empty file.
@@ -590,9 +609,7 @@ show_border=1
        (".local/bin/passmenu" ,(local-file "home/files/passmenu" #:recursive? #t))
        (".local/bin/volume" ,(local-file "home/files/volume" #:recursive? #t))
        (".local/share/applications/emacsclient.desktop"
-        ,(local-file "home/files/emacsclient.desktop"))))
-
-   (gnupg-services #:gui-pinentry? #t)))
+        ,(local-file "home/files/emacsclient.desktop"))))))
 
 (define gitconfig-includes
   (match-lambda
-- 
cgit v1.2.3