author: Efraim Flashner <efraim@flashner.co.il> 2023-07-24 21:57:27 +0300
committer: Efraim Flashner <efraim@flashner.co.il> 2023-09-04 11:11:58 +0300
commit: 1af35bbb25b122cafddfd2f69b644d46c4beff85 (patch)
tree: 9306a6d607f598795331ae2e96a36f8ccce30f62 /doc
parent: 209cdc81fd0c671f622cead5ee242938d1e48bea (diff)
home: Add parcimonie service.
* gnu/home/services/gnupg.scm (home-parcimonie-service-type, home-parcimonie-configuration): New variables.
* doc/guix.texi (GNU Privacy Guard): Document it.
Diffstat (limited to 'doc')
-rw-r--r-- doc/guix.texi | 56
1 files changed, 56 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 464060f42c..9e79641736 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -43944,6 +43944,62 @@ Extra content appended as-is to this @code{Host} block in
@end deftp
+@cindex Parcimonie, Home service
+The @code{parcimonie} service runs a daemon that slowly refreshes a GnuPG
+public key from a keyserver. It refreshes one key at a time; between every
+key update parcimonie sleeps a random amount of time, long enough for the
+previously used Tor circuit to expire. This process is meant to make it hard
+for an attacker to correlate the multiple key update.
+
+As an example, here is how you would configure @code{parcimonie} to refresh the
+keys in your GnuPG keyring, as well as those keyrings created by Guix, such as
+when running @code{guix import}:
+
+@lisp
+(service home-parcimonie-service-type
+ (home-parcimonie-configuration
+ (refresh-guix-keyrings? #t)))
+@end lisp
+
+This assumes that the Tor anonymous routing daemon is already running on your
+system. On Guix System, this can be achieved by setting up
+@code{tor-service-type} (@pxref{Networking Services, @code{tor-service-type}}).
+
+The service reference is given below.
+
+@defvar parcimonie-service-type
+This is the service type for @command{parcimonie}
+(@uref{https://salsa.debian.org/intrigeri/parcimonie, Parcimonie's web site}).
+Its value must be a @code{home-parcimonie-configuration}, as shown below.
+@end defvar
+
+@c %start of fragment
+
+@deftp {Data Table} home-parcimonie-configuration
+Available @code{home-parcimonie-configuration} fields are:
+
+@table @asis
+@item @code{parcimonie} (default: @code{parcimonie}) (type: file-like)
+The parcimonie package to use.
+
+@item @code{verbose?} (default: @code{#f}) (type: boolean)
+Whether to have more verbose logging from the service.
+
+@item @code{gnupg-already-torified?} (default: @code{#f}) (type: boolean)
+Whether GnuPG is already configured to pass all traffic through
+@uref{https://torproject.org, Tor}.
+
+@item @code{refresh-guix-keyrings?} (default: @code{#f}) (type: boolean)
+Guix creates a few keyrings in the @var{$XDG_CONFIG_DIR}, such as when running
+@code{guix import} (@pxref{Invoking guix import}). Setting this to @code{#t}
+will also refresh any keyrings which Guix has created.
+
+@item @code{extra-content} (default: @code{#f}) (type: raw-configuration-string)
+Raw content to add to the parcimonie command.
+
+@end table
+
+@end deftp
@c %end of fragment
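Review bot: the reference block `+@defvar parcimonie-service-type` documents a variable name that does not match the one used in the example two paragraphs above (`+(service home-parcimonie-service-type`) or in the commit message (`home-parcimonie-service-type`); it should read `@defvar home-parcimonie-service-type` so a reader can follow the reference verbatim. Two smaller points in the same hunk: `+@item @code{extra-content} (default: @code{#f}) (type: raw-configuration-string)` declares a boolean default for a string-typed field, so either say what `#f` means for the generated command line or use an empty string as the default; and "correlate the multiple key update" should read "correlate the multiple key updates". Since the unlinkability property this paragraph describes (one key per random interval, waiting for the previous Tor circuit to expire) only holds while traffic actually goes through Tor, the paragraph pointing at `tor-service-type` would be stronger if it also stated what the service does when Tor is not running, if that behaviour is known.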