From 227c71026567afff786c8d33bbb7ccef1aea9d8d Mon Sep 17 00:00:00 2001
From: h7x4
Date: Fri, 2 Aug 2024 17:24:25 +0200
Subject: [PATCH] home/gpg: create key refresh timer and add keyservers
---
 home/home.nix | 2 +-
 home/programs/gpg/auto-refresh-keys.nix | 61 ++++++++++++++++++++++
 home/programs/{gpg.nix => gpg/default.nix} | 19 ++++---
 3 files changed, 75 insertions(+), 7 deletions(-)
 create mode 100644 home/programs/gpg/auto-refresh-keys.nix
 rename home/programs/{gpg.nix => gpg/default.nix} (58%)
diff --git a/home/home.nix b/home/home.nix
index d931916..1b0e48a 100644
--- a/home/home.nix
+++ b/home/home.nix
@@ -15,7 +15,7 @@ in {
 ./programs/gdb.nix
 ./programs/gh.nix
 ./programs/git
- ./programs/gpg.nix
+ ./programs/gpg
 ./programs/less.nix
 ./programs/neovim.nix
 ./programs/tmux.nix
diff --git a/home/programs/gpg/auto-refresh-keys.nix b/home/programs/gpg/auto-refresh-keys.nix
new file mode 100644
index 0000000..3d5ef67
--- /dev/null
+++ b/home/programs/gpg/auto-refresh-keys.nix
@@ -0,0 +1,61 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.programs.gpg;
+in
+{
+ options = {
+ programs.gpg.auto-refresh-keys = {
+ enable = lib.mkEnableOption "a timer that automatically refreshes your gpg keys";
+ frequency = lib.mkOption {
+ default = "daily";
+ type = lib.types.str;
+ description = ''
+ How often to refresh keys.
+
+ :::{.note}
+ This value is passed to the systemd
+ timer configuration as the onCalendar option. See
+ {manpage}`systemd.time(7)`
+ for more information about the format.
+ :::
+ '';
+ };
+ };
+ };
+
+ config = {
+ systemd.user.services.gpg-refresh-keys = lib.mkIf cfg.auto-refresh-keys.enable {
+ Unit = {
+ Description = "Refresh gpg keys";
+ Documentation = [ "man:gpg(1)" ];
+ };
+
+ Service = {
+ Type = "oneshot";
+ CPUSchedulingPolicy = "idle";
+ IOSchedulingClass = "idle";
+ ExecStart = "${lib.getExe cfg.package} --refresh-keys";
+ Environment = [
+ "GNUPGHOME=${cfg.homedir}"
+ ];
+ };
+ };
+
+ systemd.user.timers.gpg-refresh-keys = lib.mkIf cfg.auto-refresh-keys.enable {
+ Unit = {
+ Description = "Refresh gpg keys";
+ Documentation = [ "man:gpg(1)" ];
+ };
+
+ Timer = {
+ Unit = "gpg-refresh-keys.service";
+ OnCalendar = cfg.auto-refresh-keys.frequency;
+ Persistent = true;
+ };
+
+ Install = {
+ WantedBy = [ "timers.target" ];
+ };
+ };
+ };
+}
diff --git a/home/programs/gpg.nix b/home/programs/gpg/default.nix
similarity index 58%
rename from home/programs/gpg.nix
rename to home/programs/gpg/default.nix
index 20819cb..52aa597 100644
--- a/home/programs/gpg.nix
+++ b/home/programs/gpg/default.nix
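Review bot: `ExecStart` invokes gpg without `--batch`, so a timer-fired refresh that reaches any interactive path (a prompt, a TTY probe) blocks the oneshot instead of failing, and a `Type = "oneshot"` service has no start timeout by default, so a stalled keyserver connection keeps the unit running until the next trigger; use `ExecStart = "${lib.getExe cfg.package} --batch --no-tty --refresh-keys";` and add `TimeoutStartSec = "15min";` to the `Service` section. `Persistent = true` means a missed run fires as soon as the user manager comes up, which on a laptop is likely before the network is reachable; that first attempt simply fails and is retried on the next calendar trigger, which is worth stating in the `frequency` description so the journal noise is not mistaken for a broken unit. The `frequency` description also refers to `onCalendar`, while the systemd setting is `OnCalendar`, and since the option is a plain `lib.types.str` nothing validates the expression until the timer is loaded — a sentence saying so would save a debugging round.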
@@ -1,15 +1,22 @@ { pkgs, config, ... }: { + imports = [ + ./auto-refresh-keys.nix + ]; + programs.gpg = { enable = true; homedir = "${config.xdg.configHome}/gnupg"; - # TODO: declare public keys and trust declaratively - # mutableKeys = false; - # mutableTrust = false; - # publicKeys = []; - # settings = { - # }; + auto-refresh-keys.enable = true; + + settings = { + keyserver = [ + "hkps://keys.openpgp.org" + "hkps://keyserver.ubuntu.com" + "hkps://pgp.mit.edu" + ]; + }; }; services.gpg-agent = {
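Review bot: Two of the three servers added under `keyserver` (keyserver.ubuntu.com, pgp.mit.edu) are SKS/Hockeypuck-style keyservers that accept arbitrary third-party signatures on any key, and the same commit turns on a periodic `--refresh-keys` timer against them, which is the certificate-flooding exposure that broke GnuPG installations in 2019 (CVE-2019-13050). GnuPG has defaulted to `self-sigs-only,import-clean` for keyserver imports since 2.2.17, but the intent should be pinned in this file so a later `keyserver-options` entry cannot silently drop it: add `keyserver-options = [ "self-sigs-only" "import-clean" ];` beside the `keyserver` list. It is also worth confirming how the installed gpg/dirmngr treats several `keyserver` lines in gpg.conf (fallback order versus only one entry being honoured — this has varied across versions), and whether pgp.mit.edu is still reliably reachable, since an unreachable server turns every timer run into a timeout. The `programs.gpg` block is complete within the hunk, but the `services.gpg-agent` block it ends on continues past it.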