From 6f5815b39200d70b6d29958d2751ffb15bdffce2 Mon Sep 17 00:00:00 2001
From: Tibo De Peuter
Date: Sat, 30 Mar 2024 23:05:05 +0100
Subject: [PATCH] [thunderbird] Sign mail with YubiKey
---
 nixos/modules/hardware/yubikey/default.nix | 10 ++++++----
 nixos/users/tdpeuter/mail.nix | 17 +++++++++++++----
 2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/nixos/modules/hardware/yubikey/default.nix b/nixos/modules/hardware/yubikey/default.nix
index 8deb1ed..116a7d1 100644
--- a/nixos/modules/hardware/yubikey/default.nix
+++ b/nixos/modules/hardware/yubikey/default.nix
@@ -6,12 +6,14 @@ in {
 options.sisyphus.hardware.yubikey.enable = lib.mkEnableOption "YubiKey support";
 config = lib.mkIf cfg.enable {
- # Enable smart card reading
- services.pcscd.enable = true;
-
 programs.gnupg.agent = {
 enable = true;
- pinentryFlavor = "curses";
+ # TODO Necessary?
+ # enableSSHSupport = true;
+ # pinentryFlavor = "curses";
 };
+
+ # Enable smart card reading
+ services.pcscd.enable = true;
 };
 }
diff --git a/nixos/users/tdpeuter/mail.nix b/nixos/users/tdpeuter/mail.nix
index a7335c9..d6b4928 100644
--- a/nixos/users/tdpeuter/mail.nix
+++ b/nixos/users/tdpeuter/mail.nix
@@ -67,9 +67,13 @@ in {
 thunderbird = {
 enable = true;
 settings = id: {
- "mail.server.server_${id}.authMethod" = 10;
+ "mail.server.server_${id}.authMethod" = 10;
 "mail.smtpserver.smtp_${id}.authMethod" = 10;
- "mail.identity.id_${id}.htmlSigText" = signatures.UGent;
+ "mail.identity.id_${id}.htmlSigText" = signatures.UGent;
+
+ # Allow PGP
+ "mail.identity.id_${id}.openpgp_key_id" = "9B11F5243089DB5B"; # Your 'master' key
+ "mail.identity.id_${id}.attachPgpKey" = true;
 };
 };
 };
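Review bot: In `nixos/modules/hardware/yubikey/default.nix`, the `# TODO Necessary?` block inside `programs.gnupg.agent` leaves two commented-out options behind without recording which decision is pending or why `pinentryFlavor` was dropped. If the reason is that Thunderbird invokes GnuPG without a terminal, so a curses prompt could never ask for the token PIN (my inference, the commit does not say), state it: `# pinentry flavor left at the module default; a curses prompt cannot be shown when a GUI client such as Thunderbird triggers signing`. I would delete the `# enableSSHSupport = true;` line rather than park it, since enabling it makes the agent answer SSH authentication requests as well, which mail signing does not need.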
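Review bot: In the first `nixos/users/tdpeuter/mail.nix` hunk, the identity gets `openpgp_key_id` but nothing visible marks that key as held by external GnuPG. As far as I know Thunderbird looks the ID up in its own keyring unless the identity also carries `"mail.identity.id_${id}.is_gnupg_key_id" = true;`, so signing may never reach the YubiKey unless that pref is set elsewhere or by hand in the account settings. The trailing comment `# Your 'master' key` would read better as `# long key ID of the primary OpenPGP key (not a subkey)`, if that is what the value is. The account attribute set that contains this `thunderbird` block starts outside the hunk.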
@@ -117,10 +121,15 @@ in {
 profiles.tdpeuter = {
 isDefault = true;
 settings = {
- "mailnews.default_sort_order" = 2; # Sort descending
+ # View
+ "mailnews.default_sort_order" = 2; # Sort descending
 "mailnews.mark_message_read.delay" = true;
 "mailnews.start_page.enabled" = false;
- "mail.pane_config.dynamic" = 2; # Vertical view
+ "mail.pane_config.dynamic" = 2; # Vertical view
+
+ # Encryption
+ "mail.openpgp.allow_external_gnupg" = true; # Enable YubiKey GPG signing
+ "mail.e2ee.auto_enable" = true; # Automatically enable encryption when possible.
 };
 };
 };
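Review bot: `"mail.e2ee.auto_enable" = true;` turns encryption on by itself, but the profile does not pin the companion prefs that decide what happens when a recipient without a key is added later. Setting `"mail.e2ee.auto_disable" = false;` explicitly (or, if automatic fallback is wanted, `"mail.e2ee.notify_on_auto_disable" = true;` next to it) keeps a draft from being downgraded to cleartext without the declarative config saying so. The comment on `allow_external_gnupg` is also narrower than the pref, which as far as I know lets Thunderbird hand all secret-key operations, decryption included, to the system GnuPG; `# Delegate secret-key operations to system GnuPG (keys on the YubiKey)` would be more accurate. The `profiles.tdpeuter` attribute set closes inside the hunk, but its parent starts outside it.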