gpg-agent: refactor
This commit is contained in:
parent
c537cb21e3
commit
3557df69ee
1 changed files with 53 additions and 49 deletions
|
|
@ -17,34 +17,33 @@ let
|
||||||
cfg = config.services.gpg-agent;
|
cfg = config.services.gpg-agent;
|
||||||
gpgPkg = config.programs.gpg.package;
|
gpgPkg = config.programs.gpg.package;
|
||||||
|
|
||||||
homedir = config.programs.gpg.homedir;
|
inherit (config.programs.gpg) homedir;
|
||||||
|
|
||||||
gpgSshSupportStr = ''
|
gpgSshSupportStr = ''
|
||||||
${gpgPkg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
|
${gpgPkg}/bin/gpg-connect-agent --quiet updatestartuptty /bye
|
||||||
'';
|
'';
|
||||||
|
|
||||||
gpgInitStr = ''
|
gpgBashInitStr = ''
|
||||||
GPG_TTY="$(tty)"
|
GPG_TTY="$(tty)"
|
||||||
export GPG_TTY
|
export GPG_TTY
|
||||||
''
|
''
|
||||||
+ optionalString cfg.enableSshSupport gpgSshSupportStr;
|
+ optionalString cfg.enableSshSupport "${gpgSshSupportStr} > /dev/null";
|
||||||
|
|
||||||
gpgZshInitStr = ''
|
gpgZshInitStr = ''
|
||||||
export GPG_TTY=$TTY
|
export GPG_TTY=$TTY
|
||||||
''
|
''
|
||||||
+ optionalString cfg.enableSshSupport gpgSshSupportStr;
|
+ optionalString cfg.enableSshSupport "${gpgSshSupportStr} > /dev/null";
|
||||||
|
|
||||||
gpgFishInitStr = ''
|
gpgFishInitStr = ''
|
||||||
set -gx GPG_TTY (tty)
|
set -gx GPG_TTY (tty)
|
||||||
''
|
''
|
||||||
+ optionalString cfg.enableSshSupport gpgSshSupportStr;
|
+ optionalString cfg.enableSshSupport "${gpgSshSupportStr} > /dev/null";
|
||||||
|
|
||||||
gpgNushellInitStr = ''
|
gpgNushellInitStr = ''
|
||||||
$env.GPG_TTY = (tty)
|
$env.GPG_TTY = (tty)
|
||||||
''
|
''
|
||||||
+ optionalString cfg.enableSshSupport ''
|
+ optionalString cfg.enableSshSupport ''
|
||||||
${gpgPkg}/bin/gpg-connect-agent --quiet updatestartuptty /bye | ignore
|
${gpgSshSupportStr} | ignore
|
||||||
|
|
||||||
$env.SSH_AUTH_SOCK = ($env.SSH_AUTH_SOCK? | default (${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket))
|
$env.SSH_AUTH_SOCK = ($env.SSH_AUTH_SOCK? | default (${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket))
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
@ -113,7 +112,7 @@ let
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ret = ret;
|
inherit ret;
|
||||||
buf = buf';
|
buf = buf';
|
||||||
bufBits = bufBits';
|
bufBits = bufBits';
|
||||||
};
|
};
|
||||||
|
|
@ -350,10 +349,10 @@ in
|
||||||
);
|
);
|
||||||
|
|
||||||
home.file."${homedir}/gpg-agent.conf".text = lib.concatStringsSep "\n" (
|
home.file."${homedir}/gpg-agent.conf".text = lib.concatStringsSep "\n" (
|
||||||
optional (cfg.enableSshSupport) "enable-ssh-support"
|
optional cfg.enableSshSupport "enable-ssh-support"
|
||||||
++ optional cfg.grabKeyboardAndMouse "grab"
|
++ optional cfg.grabKeyboardAndMouse "grab"
|
||||||
++ optional (!cfg.enableScDaemon) "disable-scdaemon"
|
++ optional (!cfg.enableScDaemon) "disable-scdaemon"
|
||||||
++ optional (cfg.noAllowExternalCache) "no-allow-external-cache"
|
++ optional cfg.noAllowExternalCache "no-allow-external-cache"
|
||||||
++ optional (cfg.defaultCacheTtl != null) "default-cache-ttl ${toString cfg.defaultCacheTtl}"
|
++ optional (cfg.defaultCacheTtl != null) "default-cache-ttl ${toString cfg.defaultCacheTtl}"
|
||||||
++ optional (
|
++ optional (
|
||||||
cfg.defaultCacheTtlSsh != null
|
cfg.defaultCacheTtlSsh != null
|
||||||
|
|
@ -373,11 +372,12 @@ in
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
programs.bash.initExtra = mkIf cfg.enableBashIntegration gpgInitStr;
|
programs = {
|
||||||
programs.zsh.initContent = mkIf cfg.enableZshIntegration gpgZshInitStr;
|
bash.initExtra = mkIf cfg.enableBashIntegration gpgBashInitStr;
|
||||||
programs.fish.interactiveShellInit = mkIf cfg.enableFishIntegration gpgFishInitStr;
|
zsh.initContent = mkIf cfg.enableZshIntegration gpgZshInitStr;
|
||||||
|
fish.interactiveShellInit = mkIf cfg.enableFishIntegration gpgFishInitStr;
|
||||||
programs.nushell.extraConfig = mkIf cfg.enableNushellIntegration gpgNushellInitStr;
|
nushell.extraConfig = mkIf cfg.enableNushellIntegration gpgNushellInitStr;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
(mkIf (cfg.sshKeys != null) {
|
(mkIf (cfg.sshKeys != null) {
|
||||||
|
|
@ -389,43 +389,47 @@ in
|
||||||
|
|
||||||
(lib.mkMerge [
|
(lib.mkMerge [
|
||||||
(mkIf pkgs.stdenv.isLinux {
|
(mkIf pkgs.stdenv.isLinux {
|
||||||
systemd.user.services.gpg-agent = {
|
systemd.user = {
|
||||||
Unit = {
|
services.gpg-agent = {
|
||||||
Description = "GnuPG cryptographic agent and passphrase cache";
|
Unit = {
|
||||||
Documentation = "man:gpg-agent(1)";
|
Description = "GnuPG cryptographic agent and passphrase cache";
|
||||||
Requires = "gpg-agent.socket";
|
Documentation = "man:gpg-agent(1)";
|
||||||
After = "gpg-agent.socket";
|
Requires = "gpg-agent.socket";
|
||||||
# This is a socket-activated service:
|
After = "gpg-agent.socket";
|
||||||
RefuseManualStart = true;
|
# This is a socket-activated service:
|
||||||
|
RefuseManualStart = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
Service = {
|
||||||
|
ExecStart = "${gpgPkg}/bin/gpg-agent --supervised" + optionalString cfg.verbose " --verbose";
|
||||||
|
ExecReload = "${gpgPkg}/bin/gpgconf --reload gpg-agent";
|
||||||
|
Environment = [ "GNUPGHOME=${homedir}" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
Service = {
|
sockets = {
|
||||||
ExecStart = "${gpgPkg}/bin/gpg-agent --supervised" + optionalString cfg.verbose " --verbose";
|
gpg-agent = mkSocket {
|
||||||
ExecReload = "${gpgPkg}/bin/gpgconf --reload gpg-agent";
|
desc = "GnuPG cryptographic agent and passphrase cache";
|
||||||
Environment = [ "GNUPGHOME=${homedir}" ];
|
docs = "man:gpg-agent(1)";
|
||||||
|
stream = "S.gpg-agent";
|
||||||
|
fdName = "std";
|
||||||
|
};
|
||||||
|
|
||||||
|
gpg-agent-ssh = mkIf cfg.enableSshSupport (mkSocket {
|
||||||
|
desc = "GnuPG cryptographic agent (ssh-agent emulation)";
|
||||||
|
docs = "man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)";
|
||||||
|
stream = "S.gpg-agent.ssh";
|
||||||
|
fdName = "ssh";
|
||||||
|
});
|
||||||
|
|
||||||
|
gpg-agent-extra = mkIf cfg.enableExtraSocket (mkSocket {
|
||||||
|
desc = "GnuPG cryptographic agent and passphrase cache (restricted)";
|
||||||
|
docs = "man:gpg-agent(1) man:ssh(1)";
|
||||||
|
stream = "S.gpg-agent.extra";
|
||||||
|
fdName = "extra";
|
||||||
|
});
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.user.sockets.gpg-agent = mkSocket {
|
|
||||||
desc = "GnuPG cryptographic agent and passphrase cache";
|
|
||||||
docs = "man:gpg-agent(1)";
|
|
||||||
stream = "S.gpg-agent";
|
|
||||||
fdName = "std";
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.user.sockets.gpg-agent-ssh = mkIf cfg.enableSshSupport (mkSocket {
|
|
||||||
desc = "GnuPG cryptographic agent (ssh-agent emulation)";
|
|
||||||
docs = "man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)";
|
|
||||||
stream = "S.gpg-agent.ssh";
|
|
||||||
fdName = "ssh";
|
|
||||||
});
|
|
||||||
|
|
||||||
systemd.user.sockets.gpg-agent-extra = mkIf cfg.enableExtraSocket (mkSocket {
|
|
||||||
desc = "GnuPG cryptographic agent and passphrase cache (restricted)";
|
|
||||||
docs = "man:gpg-agent(1) man:ssh(1)";
|
|
||||||
stream = "S.gpg-agent.extra";
|
|
||||||
fdName = "extra";
|
|
||||||
});
|
|
||||||
})
|
})
|
||||||
|
|
||||||
(mkIf pkgs.stdenv.isDarwin {
|
(mkIf pkgs.stdenv.isDarwin {
|
||||||
|
|
|
||||||
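Review bot: In the first hunk, `gpgSshSupportStr` is still a multi-line `''…''` indented string (lines `gpgSshSupportStr = ''` through `'';`), which in Nix keeps its trailing newline, so the new `"${gpgSshSupportStr} > /dev/null"` in the bash, zsh and fish init strings expands to the `gpg-connect-agent` call on one line and ` > /dev/null` alone on the next; bash and zsh treat that bare redirection as a no-op, so the agent's output is no longer suppressed as it was on the old side, and fish may reject the bare redirection outright. The nushell variant (`${gpgSshSupportStr} | ignore`) likely survives because nushell continues a pipeline on a line starting with `|`, but that should be checked too. The simplest fix is to make the shared fragment a single-line string and restore the newline at each use: `gpgSshSupportStr = "${gpgPkg}/bin/gpg-connect-agent --quiet updatestartuptty /bye";` and, for the three POSIX-style shells, `+ optionalString cfg.enableSshSupport "${gpgSshSupportStr} > /dev/null\n";`. A comment such as `# single-line on purpose: callers append their own redirect and newline` on the definition would keep the next refactor from reintroducing this.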