pkg/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2026-02-22 21:05:44 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

gnupg: add package option to allow custom gnupg versions

Browse source 
Add sops.gnupg.package option to NixOS, home-manager, and nix-darwin
modules, allowing users to specify a custom gnupg package instead of
the default pkgs.gnupg.

This enables use of bleeding-edge GPG versions with post-quantum
encryption algorithms like Kyber, addressing "store now, decrypt
later" threat models.
This commit is contained in:
Fabrizio Romano Genovese 2025-12-16 14:40:39 +01:00 committed by Jörg Thalheim
parent 57e2d9ef84
commit 39c667d73c
3 changed files with 31 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/nix-darwin/default.nix
View file

@ -320,6 +320,15 @@ in
'';
};
package = lib.mkOption {
type = lib.types.package;
default = pkgs.gnupg;
defaultText = lib.literalExpression "pkgs.gnupg";
description = ''
The gnupg package to use for sops operations.
'';
};
sshKeyPaths = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = defaultImportKeys "rsa";
@ -384,7 +393,7 @@ in
{
sops.environment.SOPS_GPG_EXEC = lib.mkIf (cfg.gnupg.home != null || cfg.gnupg.sshKeyPaths != [ ]) (
lib.mkDefault "${pkgs.gnupg}/bin/gpg"
lib.mkDefault "${cfg.gnupg.package}/bin/gpg"
);
}
];