From c7887694694de996c017c3ff6e202cec1cdca299 Mon Sep 17 00:00:00 2001
From: Henrik Lissner
Date: Tue, 3 Dec 2024 18:01:46 -0500
Subject: [PATCH] refactor: move GPG defaults to :config default

Assuming GPG is present and set up by default can be surprising for beginners, so this commit makes GPG integration opt-in, behind a new +gnupg flag in the :config default module. There'll be more added to this later.
---
 lisp/doom.el | 6 ----
 modules/config/default/README.org | 3 ++
 modules/config/default/config.el | 53 +++++++++++++++++--------------
 3 files changed, 33 insertions(+), 29 deletions(-)
diff --git a/lisp/doom.el b/lisp/doom.el
index f18a88a3f..c1564aa3c 100644
--- a/lisp/doom.el
+++ b/lisp/doom.el
@@ -590,12 +590,6 @@ uses a straight or package.el command directly).")
 ;; config (e.g. ~/.doom.d/).
 (setq custom-file (file-name-concat doom-user-dir "custom.el"))
-;; By default, Emacs stores `authinfo' in $HOME and in plain-text. Let's not do
-;; that, mkay? This file stores usernames, passwords, and other treasures for
-;; the aspiring malicious third party. You'll need a GPG setup though.
-(setq auth-sources (list (file-name-concat doom-profile-state-dir "authinfo.gpg")
- "~/.authinfo.gpg"))
-
 (define-advice en/disable-command (:around (fn &rest args) write-to-data-dir)
 "Save safe-local-variables to `custom-file' instead of `user-init-file'.
diff --git a/modules/config/default/README.org b/modules/config/default/README.org
index 2b0538070..82e323484 100644
--- a/modules/config/default/README.org
+++ b/modules/config/default/README.org
@@ -20,6 +20,9 @@ This module provides a set of reasonable defaults, including:
 ** Module flags
 - +bindings :: ...
+- +gnupg ::
+ Enable GnuPG integration and defaults, allowing Emacs to pick up on your
+ default GPG keys, including interop with pinentry-emacs.
 - +smartparens :: ...
 ** Packages
diff --git a/modules/config/default/config.el b/modules/config/default/config.el
index d3b862515..cf399b3b3 100644
--- a/modules/config/default/config.el
+++ b/modules/config/default/config.el
@@ -31,29 +31,36 @@ avy-single-candidate-jump nil)
-(after! epa
- ;; With GPG 2.1+, this forces gpg-agent to use the Emacs minibuffer to prompt
- ;; for the key passphrase.
- (set 'epg-pinentry-mode 'loopback)
- ;; Default to the first enabled and non-expired key in your keyring.
- (setq-default
- epa-file-encrypt-to
- (or (default-value 'epa-file-encrypt-to)
- (unless (string-empty-p user-full-name)
- (when-let (context (ignore-errors (epg-make-context)))
- (cl-loop for key in (epg-list-keys context user-full-name 'public)
- for subkey = (car (epg-key-sub-key-list key))
- if (not (memq 'disabled (epg-sub-key-capability subkey)))
- if (< (or (epg-sub-key-expiration-time subkey) 0)
- (time-to-seconds))
- collect (epg-sub-key-fingerprint subkey))))
- user-mail-address))
- ;; And suppress prompts if epa-file-encrypt-to has a default value (without
- ;; overwriting file-local values).
- (defadvice! +default--dont-prompt-for-keys-a (&rest _)
- :before #'epa-file-write-region
- (unless (local-variable-p 'epa-file-encrypt-to)
- (setq-local epa-file-encrypt-to (default-value 'epa-file-encrypt-to)))))
+(when (modulep! +gnupg)
+ ;; By default, Emacs stores `authinfo' in $HOME and in plain-text. Let's not
+ ;; do that, mkay? This file stores usernames, passwords, and other treasures
+ ;; for the aspiring malicious third party. You'll need a GPG setup though.
+ (setq auth-sources (list (file-name-concat doom-profile-state-dir "authinfo.gpg")
+ "~/.authinfo.gpg"))
+
+ (after! epa
+ ;; With GPG 2.1+, this forces gpg-agent to use the Emacs minibuffer to
+ ;; prompt for the key passphrase.
+ (set 'epg-pinentry-mode 'loopback)
+ ;; Default to the first enabled and non-expired key in your keyring.
+ (setq-default
+ epa-file-encrypt-to
+ (or (default-value 'epa-file-encrypt-to)
+ (unless (string-empty-p user-full-name)
+ (when-let (context (ignore-errors (epg-make-context)))
+ (cl-loop for key in (epg-list-keys context user-full-name 'public)
+ for subkey = (car (epg-key-sub-key-list key))
+ if (not (memq 'disabled (epg-sub-key-capability subkey)))
+ if (< (or (epg-sub-key-expiration-time subkey) 0)
+ (time-to-seconds))
+ collect (epg-sub-key-fingerprint subkey))))
+ user-mail-address))
+ ;; And suppress prompts if epa-file-encrypt-to has a default value (without
+ ;; overwriting file-local values).
+ (defadvice! +default--dont-prompt-for-keys-a (&rest _)
+ :before #'epa-file-write-region
+ (unless (local-variable-p 'epa-file-encrypt-to)
+ (setq-local epa-file-encrypt-to (default-value 'epa-file-encrypt-to))))))
 (after! woman