refactor: move GPG defaults to :config default

Assuming GPG is present and set up by default can be surprising for
beginners, so this commit makes GPG integration opt-in, behind a new
+gnupg flag in the :config default module. There'll be more added to
this later.

lisp/doom.el

@@ -590,12 +590,6 @@ uses a straight or package.el command directly).")
 ;; config (e.g. ~/.doom.d/).
 (setq custom-file (file-name-concat doom-user-dir "custom.el"))
 
-;; By default, Emacs stores `authinfo' in $HOME and in plain-text. Let's not do
-;; that, mkay? This file stores usernames, passwords, and other treasures for
-;; the aspiring malicious third party. You'll need a GPG setup though.
-(setq auth-sources (list (file-name-concat doom-profile-state-dir "authinfo.gpg")
-                         "~/.authinfo.gpg"))
-
 (define-advice en/disable-command (:around (fn &rest args) write-to-data-dir)
   "Save safe-local-variables to `custom-file' instead of `user-init-file'.
 

modules/config/default/README.org

@@ -20,6 +20,9 @@ This module provides a set of reasonable defaults, including:
 
 ** Module flags
 - +bindings :: ...
+- +gnupg ::
+  Enable GnuPG integration and defaults, allowing Emacs to pick up on your
+  default GPG keys, including interop with pinentry-emacs.
 - +smartparens :: ...
 
 ** Packages

modules/config/default/config.el

@@ -31,29 +31,36 @@
       avy-single-candidate-jump nil)
 
 
-(after! epa
+(when (modulep! +gnupg)
-  ;; With GPG 2.1+, this forces gpg-agent to use the Emacs minibuffer to prompt
+  ;; By default, Emacs stores `authinfo' in $HOME and in plain-text. Let's not
-  ;; for the key passphrase.
+  ;; do that, mkay? This file stores usernames, passwords, and other treasures
-  (set 'epg-pinentry-mode 'loopback)
+  ;; for the aspiring malicious third party. You'll need a GPG setup though.
-  ;; Default to the first enabled and non-expired key in your keyring.
+  (setq auth-sources (list (file-name-concat doom-profile-state-dir "authinfo.gpg")
-  (setq-default
+                           "~/.authinfo.gpg"))
-   epa-file-encrypt-to
+
-   (or (default-value 'epa-file-encrypt-to)
+  (after! epa
-       (unless (string-empty-p user-full-name)
+    ;; With GPG 2.1+, this forces gpg-agent to use the Emacs minibuffer to
-         (when-let (context (ignore-errors (epg-make-context)))
+    ;; prompt for the key passphrase.
-           (cl-loop for key in (epg-list-keys context user-full-name 'public)
+    (set 'epg-pinentry-mode 'loopback)
-                    for subkey = (car (epg-key-sub-key-list key))
+    ;; Default to the first enabled and non-expired key in your keyring.
-                    if (not (memq 'disabled (epg-sub-key-capability subkey)))
+    (setq-default
-                    if (< (or (epg-sub-key-expiration-time subkey) 0)
+     epa-file-encrypt-to
-                          (time-to-seconds))
+     (or (default-value 'epa-file-encrypt-to)
-                    collect (epg-sub-key-fingerprint subkey))))
+         (unless (string-empty-p user-full-name)
-       user-mail-address))
+           (when-let (context (ignore-errors (epg-make-context)))
-   ;; And suppress prompts if epa-file-encrypt-to has a default value (without
+             (cl-loop for key in (epg-list-keys context user-full-name 'public)
-   ;; overwriting file-local values).
+                      for subkey = (car (epg-key-sub-key-list key))
-  (defadvice! +default--dont-prompt-for-keys-a (&rest _)
+                      if (not (memq 'disabled (epg-sub-key-capability subkey)))
-    :before #'epa-file-write-region
+                      if (< (or (epg-sub-key-expiration-time subkey) 0)
-    (unless (local-variable-p 'epa-file-encrypt-to)
+                            (time-to-seconds))
-      (setq-local epa-file-encrypt-to (default-value 'epa-file-encrypt-to)))))
+                      collect (epg-sub-key-fingerprint subkey))))
+         user-mail-address))
+    ;; And suppress prompts if epa-file-encrypt-to has a default value (without
+    ;; overwriting file-local values).
+    (defadvice! +default--dont-prompt-for-keys-a (&rest _)
+      :before #'epa-file-write-region
+      (unless (local-variable-p 'epa-file-encrypt-to)
+        (setq-local epa-file-encrypt-to (default-value 'epa-file-encrypt-to))))))
 
 
 (after! woman