
gpg-agent: refactor

This commit is contained in:
jaredmontoya 2025-09-29 13:16:20 +02:00 committed by Austin Horstman
parent c537cb21e3
commit 3557df69ee


@ -17,34 +17,33 @@ let
cfg = config.services.gpg-agent;
gpgPkg = config.programs.gpg.package;
homedir = config.programs.gpg.homedir;
inherit (config.programs.gpg) homedir;
gpgSshSupportStr = ''
${gpgPkg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
${gpgPkg}/bin/gpg-connect-agent --quiet updatestartuptty /bye
'';
gpgInitStr = ''
gpgBashInitStr = ''
GPG_TTY="$(tty)"
export GPG_TTY
''
+ optionalString cfg.enableSshSupport gpgSshSupportStr;
+ optionalString cfg.enableSshSupport "${gpgSshSupportStr} > /dev/null";
gpgZshInitStr = ''
export GPG_TTY=$TTY
''
+ optionalString cfg.enableSshSupport gpgSshSupportStr;
+ optionalString cfg.enableSshSupport "${gpgSshSupportStr} > /dev/null";
gpgFishInitStr = ''
set -gx GPG_TTY (tty)
''
+ optionalString cfg.enableSshSupport gpgSshSupportStr;
+ optionalString cfg.enableSshSupport "${gpgSshSupportStr} > /dev/null";
gpgNushellInitStr = ''
$env.GPG_TTY = (tty)
''
+ optionalString cfg.enableSshSupport ''
${gpgPkg}/bin/gpg-connect-agent --quiet updatestartuptty /bye | ignore
${gpgSshSupportStr} | ignore
$env.SSH_AUTH_SOCK = ($env.SSH_AUTH_SOCK? | default (${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket))
'';
@ -113,7 +112,7 @@ let
}
else
{
ret = ret;
inherit ret;
buf = buf';
bufBits = bufBits';
};
@ -350,10 +349,10 @@ in
);
home.file."${homedir}/gpg-agent.conf".text = lib.concatStringsSep "\n" (
optional (cfg.enableSshSupport) "enable-ssh-support"
optional cfg.enableSshSupport "enable-ssh-support"
++ optional cfg.grabKeyboardAndMouse "grab"
++ optional (!cfg.enableScDaemon) "disable-scdaemon"
++ optional (cfg.noAllowExternalCache) "no-allow-external-cache"
++ optional cfg.noAllowExternalCache "no-allow-external-cache"
++ optional (cfg.defaultCacheTtl != null) "default-cache-ttl ${toString cfg.defaultCacheTtl}"
++ optional (
cfg.defaultCacheTtlSsh != null
@ -373,11 +372,12 @@ in
fi
'';
programs.bash.initExtra = mkIf cfg.enableBashIntegration gpgInitStr;
programs.zsh.initContent = mkIf cfg.enableZshIntegration gpgZshInitStr;
programs.fish.interactiveShellInit = mkIf cfg.enableFishIntegration gpgFishInitStr;
programs.nushell.extraConfig = mkIf cfg.enableNushellIntegration gpgNushellInitStr;
programs = {
bash.initExtra = mkIf cfg.enableBashIntegration gpgBashInitStr;
zsh.initContent = mkIf cfg.enableZshIntegration gpgZshInitStr;
fish.interactiveShellInit = mkIf cfg.enableFishIntegration gpgFishInitStr;
nushell.extraConfig = mkIf cfg.enableNushellIntegration gpgNushellInitStr;
};
}
(mkIf (cfg.sshKeys != null) {
@ -389,7 +389,8 @@ in
(lib.mkMerge [
(mkIf pkgs.stdenv.isLinux {
systemd.user.services.gpg-agent = {
systemd.user = {
services.gpg-agent = {
Unit = {
Description = "GnuPG cryptographic agent and passphrase cache";
Documentation = "man:gpg-agent(1)";
@ -406,26 +407,29 @@ in
};
};
systemd.user.sockets.gpg-agent = mkSocket {
sockets = {
gpg-agent = mkSocket {
desc = "GnuPG cryptographic agent and passphrase cache";
docs = "man:gpg-agent(1)";
stream = "S.gpg-agent";
fdName = "std";
};
systemd.user.sockets.gpg-agent-ssh = mkIf cfg.enableSshSupport (mkSocket {
gpg-agent-ssh = mkIf cfg.enableSshSupport (mkSocket {
desc = "GnuPG cryptographic agent (ssh-agent emulation)";
docs = "man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)";
stream = "S.gpg-agent.ssh";
fdName = "ssh";
});
systemd.user.sockets.gpg-agent-extra = mkIf cfg.enableExtraSocket (mkSocket {
gpg-agent-extra = mkIf cfg.enableExtraSocket (mkSocket {
desc = "GnuPG cryptographic agent and passphrase cache (restricted)";
docs = "man:gpg-agent(1) man:ssh(1)";
stream = "S.gpg-agent.extra";
fdName = "extra";
});
};
};
})
(mkIf pkgs.stdenv.isDarwin {