nix-community/home-manager
1
0
Fork 0
mirror of https://github.com/nix-community/home-manager.git synced 2025-11-08 19:46:05 +01:00
Code Activity

yubikey-agent: init service module (#6446)

Browse source
This commit is contained in:
Calum MacRae 2025-02-14 21:10:24 +00:00 committed by GitHub
parent 9daae9a67a
commit 582d3cd42d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 196 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/modules.nix
View file

@ -424,6 +424,7 @@ let
./services/xscreensaver.nix
./services/xsettingsd.nix
./services/xsuspender.nix
./services/yubikey-agent.nix
./systemd.nix
./targets/darwin
./targets/generic-linux.nix

92
modules/services/yubikey-agent.nix Normal file
View file

@ -0,0 +1,92 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf;
cfg = config.services.yubikey-agent;
in {
meta.maintainers = [ lib.maintainers.cmacrae ];
options.services.yubikey-agent = {
enable = lib.mkEnableOption "Seamless ssh-agent for YubiKeys";
package = lib.mkOption {
type = lib.types.package;
default = pkgs.yubikey-agent;
defaultText = lib.literalExpression "pkgs.yubikey-agent";
description = "The yubikey-agent package to use.";
};
};
config = mkIf cfg.enable (lib.mkMerge [
{ home.packages = [ cfg.package ]; }
(mkIf pkgs.stdenv.isLinux {
systemd.user.services.yubikey-agent = {
Unit = {
Description = "Seamless ssh-agent for YubiKeys";
Documentation = "https://github.com/FiloSottile/yubikey-agent";
Requires = "yubikey-agent.socket";
After = "yubikey-agent.socket";
RefuseManualStart = true;
};
Service = {
ExecStart =
"${cfg.package}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
Type = "simple";
# /run/user/$UID for the socket
ReadWritePaths = [ "%t" ];
};
};
systemd.user.sockets.yubikey-agent = {
Unit = {
Description = "Unix domain socket for Yubikey SSH agent";
Documentation = "https://github.com/FiloSottile/yubikey-agent";
};
Socket = {
ListenStream = "%t/yubikey-agent/yubikey-agent.sock";
RuntimeDirectory = "yubikey-agent";
SocketMode = "0600";
DirectoryMode = "0700";
};
Install = { WantedBy = [ "sockets.target" ]; };
};
home.sessionVariables = {
SSH_AUTH_SOCK =
"\${XDG_RUNTIME_DIR:-/run/user/$UID}/yubikey-agent/yubikey-agent.sock";
};
})
(mkIf pkgs.stdenv.isDarwin {
launchd.agents.yubikey-agent = {
enable = true;
config = {
ProgramArguments = [
"${cfg.package}/bin/yubikey-agent"
"-l"
"/tmp/yubikey-agent.sock"
];
KeepAlive = {
Crashed = true;
SuccessfulExit = false;
};
ProcessType = "Background";
Sockets = {
Listener = {
SockPathName = "/tmp/yubikey-agent.sock";
SockPathMode = 384; # 0600 in decimal
};
};
};
};
home.sessionVariables = { SSH_AUTH_SOCK = "/tmp/yubikey-agent.sock"; };
})
]);
}

2
tests/default.nix
View file

@ -263,6 +263,7 @@ in import nmtSrc {
./modules/services/imapnotify-darwin
./modules/services/nix-gc-darwin
./modules/services/ollama/darwin
./modules/services/yubikey-agent-darwin
./modules/targets-darwin
] ++ lib.optionals isLinux [
./modules/config/i18n
@ -389,6 +390,7 @@ in import nmtSrc {
./modules/services/wlsunset
./modules/services/wob
./modules/services/xsettingsd
./modules/services/yubikey-agent
./modules/systemd
./modules/targets-linux
]);

1
tests/modules/services/yubikey-agent-darwin/default.nix Normal file
View file

@ -0,0 +1 @@
{ yubikey-agent-darwin = ./service.nix; }

50
tests/modules/services/yubikey-agent-darwin/service.nix Normal file
View file

@ -0,0 +1,50 @@
{ config, ... }:
{
services.yubikey-agent = {
enable = true;
package = config.lib.test.mkStubPackage { outPath = "@yubikey-agent@"; };
};
nmt.script = ''
serviceFile=LaunchAgents/org.nix-community.home.yubikey-agent.plist
assertFileExists "$serviceFile"
assertFileContent "$serviceFile" ${
builtins.toFile "expected-agent.plist" ''
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>Crashed</key>
<true/>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>Label</key>
<string>org.nix-community.home.yubikey-agent</string>
<key>ProcessType</key>
<string>Background</string>
<key>ProgramArguments</key>
<array>
<string>@yubikey-agent@/bin/yubikey-agent</string>
<string>-l</string>
<string>/tmp/yubikey-agent.sock</string>
</array>
<key>Sockets</key>
<dict>
<key>Listener</key>
<dict>
<key>SockPathMode</key>
<integer>384</integer>
<key>SockPathName</key>
<string>/tmp/yubikey-agent.sock</string>
</dict>
</dict>
</dict>
</plist>
''
}
'';
}

1
tests/modules/services/yubikey-agent/default.nix Normal file
View file

@ -0,0 +1 @@
{ yubikey-agent = ./service.nix; }

49
tests/modules/services/yubikey-agent/service.nix Normal file
View file

@ -0,0 +1,49 @@
{ config, ... }:
{
services.yubikey-agent = {
enable = true;
package = config.lib.test.mkStubPackage { outPath = "@yubikey-agent@"; };
};
nmt.script = ''
serviceFile=home-files/.config/systemd/user/yubikey-agent.service
socketFile=home-files/.config/systemd/user/yubikey-agent.socket
assertFileExists $serviceFile
assertFileExists $socketFile
assertFileContent $serviceFile ${
builtins.toFile "expected-service" ''
[Service]
ExecStart=@yubikey-agent@/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock
ReadWritePaths=%t
Type=simple
[Unit]
After=yubikey-agent.socket
Description=Seamless ssh-agent for YubiKeys
Documentation=https://github.com/FiloSottile/yubikey-agent
RefuseManualStart=true
Requires=yubikey-agent.socket
''
}
assertFileContent $socketFile ${
builtins.toFile "expected-socket" ''
[Install]
WantedBy=sockets.target
[Socket]
DirectoryMode=0700
ListenStream=%t/yubikey-agent/yubikey-agent.sock
RuntimeDirectory=yubikey-agent
SocketMode=0600
[Unit]
Description=Unix domain socket for Yubikey SSH agent
Documentation=https://github.com/FiloSottile/yubikey-agent
''
}
'';
}