gpg-agent: pinentryPackage -> pinentry.package and add pinentry.program`

Alternative option for allowing a user to automatically configure what binary to use from a `pinentry` package. Previously, we always used `meta.mainProgram` but, there are packages that provide multiple binaries and this would allow flexibility for a user to override the default program used.
2025-11-08 19:46:05 +01:00 · 2025-04-23 14:02:42 -05:00 · 2025-04-23 14:02:42 -05:00 · a4c3ce44fc
commit a4c3ce44fc
parent 1ad1232399
3 changed files with 60 additions and 15 deletions
--- a/modules/services/gpg-agent.nix
+++ b/modules/services/gpg-agent.nix
@ -168,6 +168,20 @@ in
      "gpg-agent"
      "pinentryFlavor"
    ] "Use services.gpg-agent.pinentryPackage instead")
+
+    (lib.mkRenamedOptionModule
+      [
+        "services"
+        "gpg-agent"
+        "pinentryPackage"
+      ]
+      [
+        "services"
+        "gpg-agent"
+        "pinentry"
+        "package"
+      ]
+    )
  ];

  options = {
@ -296,19 +310,29 @@ in
          configuration file.
        '';
      };
-      pinentryPackage = mkOption {
-        type = types.nullOr types.package;
-        example = lib.literalExpression "pkgs.pinentry-gnome3";
-        default = null;
-        description = ''
-          Which pinentry interface to use. If not `null`, it sets
-          {option}`pinentry-program` in {file}`gpg-agent.conf`. Beware that
-          `pinentry-gnome3` may not work on non-GNOME systems. You can fix it by
-          adding the following to your configuration:
-          ```nix
-          home.packages = [ pkgs.gcr ];
-          ```
-        '';
+
+      pinentry = {
+        package = lib.mkPackageOption pkgs "pinentry-gnome3" {
+          nullable = true;
+          default = null;
+          extraDescription = ''
+            Which pinentry interface to use. If not `null`, it sets
+            {option}`pinentry-program` in {file}`gpg-agent.conf`. Beware that
+            `pinentry-gnome3` may not work on non-GNOME systems. You can fix it by
+            adding the following to your configuration:
+            ```nix
+            home.packages = [ pkgs.gcr ];
+            ```
+          '';
+        };
+
+        program = lib.mkOption {
+          type = types.nullOr types.str;
+          example = "wayprompt-pinentry";
+          description = ''
+            Which program to search for in the configured `pinentry.package`.
+          '';
+        };
      };

      enableBashIntegration = lib.hm.shell.mkBashIntegrationOption { inherit config; };
@ -324,6 +348,11 @@ in
  config = mkIf cfg.enable (
    lib.mkMerge [
      {
+        # Grab the default binary name and fallback to expected value if `meta.mainProgram` not set
+        services.gpg-agent.pinentry.program = lib.mkOptionDefault (
+          cfg.pinentry.package.meta.mainProgram or "pinentry"
+        );
+
        home.file."${homedir}/gpg-agent.conf".text = lib.concatStringsSep "\n" (
          optional (cfg.enableSshSupport) "enable-ssh-support"
          ++ optional cfg.grabKeyboardAndMouse "grab"
@ -335,7 +364,9 @@ in
          ) "default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}"
          ++ optional (cfg.maxCacheTtl != null) "max-cache-ttl ${toString cfg.maxCacheTtl}"
          ++ optional (cfg.maxCacheTtlSsh != null) "max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}"
-          ++ optional (cfg.pinentryPackage != null) "pinentry-program ${lib.getExe cfg.pinentryPackage}"
+          ++ optional (
+            cfg.pinentry.package != null
+          ) "pinentry-program ${lib.getExe' cfg.pinentry.package cfg.pinentry.program}"
          ++ [ cfg.extraConfig ]
        );

--- a/tests/modules/services/gpg-agent/default-homedir.nix
+++ b/tests/modules/services/gpg-agent/default-homedir.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  options,
  pkgs,
  ...
 }:
@ -10,6 +11,20 @@ lib.mkIf pkgs.stdenv.isLinux {
  services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
  programs.gpg.enable = true;

+  test.asserts.warnings.expected =
+    let
+      renamed = {
+        pinentryPackage = "pinentry.package";
+      };
+    in
+    lib.mapAttrsToList (
+      old: new:
+      builtins.replaceStrings [ "\n" ] [ " " ] ''
+        The option `services.gpg-agent.${old}' defined in
+        ${lib.showFiles options.services.gpg-agent.${old}.files}
+        has been renamed to `services.gpg-agent.${new}'.''
+    ) renamed;
+
  nmt.script = ''
    in="${config.systemd.user.sockets.gpg-agent.Socket.ListenStream}"
    if [[ $in != "%t/gnupg/S.gpg-agent" ]]
--- a/tests/modules/services/gpg-agent/override-homedir.nix
+++ b/tests/modules/services/gpg-agent/override-homedir.nix
@ -5,7 +5,6 @@ let
 in
 {
  services.gpg-agent.enable = true;
-  services.gpg-agent.pinentryPackage = null; # Don't build pinentry package.
  programs.gpg = {
    enable = true;
    homedir = "/path/to/hash";