nix-community/home-manager
1
0
Fork 0
mirror of https://github.com/nix-community/home-manager.git synced 2025-11-09 03:56:04 +01:00
Code Activity

gpg-agent: pinentryPackage -> pinentry.package and add pinentry.program`

Browse source 
Alternative option for allowing a user to automatically configure what
binary to use from a `pinentry` package. Previously, we always used
`meta.mainProgram` but, there are packages that provide multiple
binaries and this would allow flexibility for a user to override the
default program used.
This commit is contained in:
Austin Horstman 2025-04-23 14:02:42 -05:00
parent 1ad1232399
commit a4c3ce44fc
3 changed files with 60 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

41
modules/services/gpg-agent.nix
View file

@ -168,6 +168,20 @@ in
"gpg-agent" "gpg-agent"
"pinentryFlavor" "pinentryFlavor"
] "Use services.gpg-agent.pinentryPackage instead") ] "Use services.gpg-agent.pinentryPackage instead")
(lib.mkRenamedOptionModule
[
"services"
"gpg-agent"
"pinentryPackage"
]
[
"services"
"gpg-agent"
"pinentry"
"package"
]
)
]; ];
options = { options = {
@ -296,11 +310,12 @@ in
configuration file. configuration file.
''; '';
}; };
pinentryPackage = mkOption {
type = types.nullOr types.package; pinentry = {
example = lib.literalExpression "pkgs.pinentry-gnome3"; package = lib.mkPackageOption pkgs "pinentry-gnome3" {
nullable = true;
default = null; default = null;
description = '' extraDescription = ''
Which pinentry interface to use. If not `null`, it sets Which pinentry interface to use. If not `null`, it sets
{option}`pinentry-program` in {file}`gpg-agent.conf`. Beware that {option}`pinentry-program` in {file}`gpg-agent.conf`. Beware that
`pinentry-gnome3` may not work on non-GNOME systems. You can fix it by `pinentry-gnome3` may not work on non-GNOME systems. You can fix it by
@ -311,6 +326,15 @@ in
''; '';
}; };
program = lib.mkOption {
type = types.nullOr types.str;
example = "wayprompt-pinentry";
description = ''
Which program to search for in the configured `pinentry.package`.
'';
};
};
enableBashIntegration = lib.hm.shell.mkBashIntegrationOption { inherit config; }; enableBashIntegration = lib.hm.shell.mkBashIntegrationOption { inherit config; };
enableFishIntegration = lib.hm.shell.mkFishIntegrationOption { inherit config; }; enableFishIntegration = lib.hm.shell.mkFishIntegrationOption { inherit config; };
@ -324,6 +348,11 @@ in
config = mkIf cfg.enable ( config = mkIf cfg.enable (
lib.mkMerge [ lib.mkMerge [
{ {
# Grab the default binary name and fallback to expected value if `meta.mainProgram` not set
services.gpg-agent.pinentry.program = lib.mkOptionDefault (
cfg.pinentry.package.meta.mainProgram or "pinentry"
);
home.file."${homedir}/gpg-agent.conf".text = lib.concatStringsSep "\n" ( home.file."${homedir}/gpg-agent.conf".text = lib.concatStringsSep "\n" (
optional (cfg.enableSshSupport) "enable-ssh-support" optional (cfg.enableSshSupport) "enable-ssh-support"
++ optional cfg.grabKeyboardAndMouse "grab" ++ optional cfg.grabKeyboardAndMouse "grab"
@ -335,7 +364,9 @@ in
) "default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}" ) "default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}"
++ optional (cfg.maxCacheTtl != null) "max-cache-ttl ${toString cfg.maxCacheTtl}" ++ optional (cfg.maxCacheTtl != null) "max-cache-ttl ${toString cfg.maxCacheTtl}"
++ optional (cfg.maxCacheTtlSsh != null) "max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}" ++ optional (cfg.maxCacheTtlSsh != null) "max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}"
++ optional (cfg.pinentryPackage != null) "pinentry-program ${lib.getExe cfg.pinentryPackage}" ++ optional (
cfg.pinentry.package != null
) "pinentry-program ${lib.getExe' cfg.pinentry.package cfg.pinentry.program}"
++ [ cfg.extraConfig ] ++ [ cfg.extraConfig ]
); );

15
tests/modules/services/gpg-agent/default-homedir.nix
View file

@ -1,6 +1,7 @@
{ {
config, config,
lib, lib,
options,
pkgs, pkgs,
... ...
}: }:
@ -10,6 +11,20 @@ lib.mkIf pkgs.stdenv.isLinux {
services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3; services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
programs.gpg.enable = true; programs.gpg.enable = true;
test.asserts.warnings.expected =
let
renamed = {
pinentryPackage = "pinentry.package";
};
in
lib.mapAttrsToList (
old: new:
builtins.replaceStrings [ "\n" ] [ " " ] ''
The option `services.gpg-agent.${old}' defined in
${lib.showFiles options.services.gpg-agent.${old}.files}
has been renamed to `services.gpg-agent.${new}'.''
) renamed;
nmt.script = '' nmt.script = ''
in="${config.systemd.user.sockets.gpg-agent.Socket.ListenStream}" in="${config.systemd.user.sockets.gpg-agent.Socket.ListenStream}"
if [[ $in != "%t/gnupg/S.gpg-agent" ]] if [[ $in != "%t/gnupg/S.gpg-agent" ]]

1
tests/modules/services/gpg-agent/override-homedir.nix
View file

@ -5,7 +5,6 @@ let
in in
{ {
services.gpg-agent.enable = true; services.gpg-agent.enable = true;
services.gpg-agent.pinentryPackage = null; # Don't build pinentry package.
programs.gpg = { programs.gpg = {
enable = true; enable = true;
homedir = "/path/to/hash"; homedir = "/path/to/hash";