home/gpg: add timer for updating trust-db

home/programs/gpg/auto-update-trust-db.nix

@@ -0,0 +1,61 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.programs.gpg;
+in
+{
+  options = {
+    programs.gpg.auto-update-trust-db = {
+      enable = lib.mkEnableOption "a timer that automatically updates your trust db";
+      frequency = lib.mkOption {
+        default = "daily";
+        type = lib.types.str;
+        description = ''
+          How often to update trust db
+
+          :::{.note}
+            This value is passed to the systemd
+            timer configuration as the onCalendar option.  See
+            {manpage}`systemd.time(7)`
+            for more information about the format.
+          :::
+        '';
+      };
+    };
+  };
+
+  config = {
+    systemd.user.services.update-trust-db = lib.mkIf cfg.auto-update-trust-db.enable {
+      Unit = {
+        Description = "Update gpg trust database";
+        Documentation = [ "man:gpg(1)" ];
+      };
+
+      Service = {
+        Type = "oneshot";
+        CPUSchedulingPolicy = "idle";
+        IOSchedulingClass = "idle";
+        ExecStart = "${lib.getExe cfg.package} --update-trustdb";
+        Environment = [
+          "GNUPGHOME=${cfg.homedir}"
+        ];
+      };
+    };
+
+    systemd.user.timers.gpg-refresh-keys = lib.mkIf cfg.auto-update-trust-db.enable {
+      Unit = {
+        Description = "Update gpg trust database";
+        Documentation = [ "man:gpg(1)" ];
+      };
+
+      Timer = {
+        Unit = "update-trust-db.service";
+        OnCalendar = cfg.auto-update-trust-db.frequency;
+        Persistent = true;
+      };
+
+      Install = {
+        WantedBy = [ "timers.target" ];
+      };
+    };
+  };
+}

home/programs/gpg/default.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ./auto-refresh-keys.nix
+    ./auto-update-trust-db.nix
     ./declarative-key-fetcher.nix
   ];