diff --git a/home/programs/gpg/auto-update-trust-db.nix b/home/programs/gpg/auto-update-trust-db.nix
new file mode 100644
index 0000000..cb61fb2
--- /dev/null
+++ b/home/programs/gpg/auto-update-trust-db.nix
@@ -0,0 +1,61 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.programs.gpg;
+in
+{
+ options = {
+ programs.gpg.auto-update-trust-db = {
+ enable = lib.mkEnableOption "a timer that automatically updates your trust db";
+ frequency = lib.mkOption {
+ default = "daily";
+ type = lib.types.str;
+ description = ''
+ How often to update trust db
+
+ :::{.note}
+ This value is passed to the systemd
+ timer configuration as the onCalendar option. See
+ {manpage}`systemd.time(7)`
+ for more information about the format.
+ :::
+ '';
+ };
+ };
+ };
+
+ config = {
+ systemd.user.services.update-trust-db = lib.mkIf cfg.auto-update-trust-db.enable {
+ Unit = {
+ Description = "Update gpg trust database";
+ Documentation = [ "man:gpg(1)" ];
+ };
+
+ Service = {
+ Type = "oneshot";
+ CPUSchedulingPolicy = "idle";
+ IOSchedulingClass = "idle";
+ ExecStart = "${lib.getExe cfg.package} --update-trustdb";
+ Environment = [
+ "GNUPGHOME=${cfg.homedir}"
+ ];
+ };
+ };
+
+ systemd.user.timers.gpg-refresh-keys = lib.mkIf cfg.auto-update-trust-db.enable {
+ Unit = {
+ Description = "Update gpg trust database";
+ Documentation = [ "man:gpg(1)" ];
+ };
+
+ Timer = {
+ Unit = "update-trust-db.service";
+ OnCalendar = cfg.auto-update-trust-db.frequency;
+ Persistent = true;
+ };
+
+ Install = {
+ WantedBy = [ "timers.target" ];
+ };
+ };
+ };
+}
diff --git a/home/programs/gpg/default.nix b/home/programs/gpg/default.nix
index e058184..c325445 100644
--- a/home/programs/gpg/default.nix
+++ b/home/programs/gpg/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./auto-refresh-keys.nix
+ ./auto-update-trust-db.nix
 ./declarative-key-fetcher.nix
 ];
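Review bot: In auto-update-trust-db.nix the timer is declared as `systemd.user.timers.gpg-refresh-keys` although it triggers `update-trust-db.service`; the name looks copied from the key-refresh module and should read `systemd.user.timers.update-trust-db = lib.mkIf cfg.auto-update-trust-db.enable {`. If `./auto-refresh-keys.nix` (not visible in this diff) declares a timer under the same attribute, enabling both options would presumably either fail evaluation on the conflicting `Timer.Unit` or leave one of the two jobs unscheduled, and a silently unscheduled refresh means stale revocation and trust data. Separately, the gpg manual describes `--update-trustdb` as interactive because it may ask for ownertrust values, which a oneshot user unit without a terminal cannot answer. The non-interactive form is `--check-trustdb`, for example `ExecStart = "${lib.getExe cfg.package} --batch --check-trustdb";`.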