Home-manager import public key from keyserver

harvey · January 20, 2024, 4:18pm

Hi,

Does anyone have any advice on using home-manger to automatically pull gpg public keys from a key-server and set ultimate trust?

I’ve tried:

gpgKey = pkgs.fetchurl {
  url = "https://xyz.....";
  sha256 = "xx";
};

Later followed by:

programs.gpg = {
  enable = true;
  publicKeys = [
    {source = ${gpgKey}; trust = 5;}
  ];
};

I receive the error “syntax error, unexpected DOLLAR_CURLY”

Tried several variation without luck. Any examples or suggestions? Thanks

zarel · January 20, 2024, 5:13pm

fetchUrl returns a derivation and programs.gpg.publicKeys.*.source expects a path, so you can either use gpgKey.outPath or - most common- put the derivation in a string interpolation, so "${gpgKey}".

tldr: try putting double quotes around ${gpgKey}

harvey · January 20, 2024, 6:23pm

Thank you @zarel. Simple yet perfect