author | Sandro <sandro.jaeckel@gmail.com> | 2024-03-27 17:04:26 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-27 17:04:26 +0100 |
commit | 9b1984ce3648bf9479a67820876d72700c3faa4f (patch) | |
tree | 99dde8728e7aa1dc2805fa8038f6ddcad11dd4ba /nixos/modules/programs/goldwarden.nix | |
parent | cb11f8589769078fa154fb57ed8edd185281f1db (diff) | |
parent | 7ffcd69c1ff94f1e40b5767112669450afd79bbf (diff) |
Merge pull request #293117 from SuperSandro2000/goldwarden
Diffstat (limited to 'nixos/modules/programs/goldwarden.nix')
-rw-r--r-- | nixos/modules/programs/goldwarden.nix | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/nixos/modules/programs/goldwarden.nix b/nixos/modules/programs/goldwarden.nix
new file mode 100644
index 0000000000000..26f9a87c1986f
--- /dev/null
+++ b/nixos/modules/programs/goldwarden.nix
@@ -0,0 +1,50 @@
+{ lib, config, pkgs, ... }:
+let
+ cfg = config.programs.goldwarden;
+in
+{
+ options.programs.goldwarden = {
+ enable = lib.mkEnableOption "Goldwarden";
+ package = lib.mkPackageOption pkgs "goldwarden" {};
+ useSshAgent = lib.mkEnableOption "Goldwarden's SSH Agent" // { default = true; };
+ };
+
+ config = lib.mkIf cfg.enable {
+ assertions = [{
+ assertion = cfg.useSshAgent -> !config.programs.ssh.startAgent;
+ message = "Only one ssh-agent can be used at a time.";
+ }];
+
+ environment = {
+ etc = lib.mkIf config.programs.chromium.enable {
+ "chromium/native-messaging-hosts/com.8bit.bitwarden.json".source = "${cfg.package}/etc/chromium/native-messaging-hosts/com.8bit.bitwarden.json";
+ "opt/chrome/native-messaging-hosts/com.8bit.bitwarden.json".source = "${cfg.package}/etc/chrome/native-messaging-hosts/com.8bit.bitwarden.json";
+ };
+
+ extraInit = lib.mkIf cfg.useSshAgent ''
+ if [ -z "$SSH_AUTH_SOCK" -a -n "$HOME" ]; then
+ export SSH_AUTH_SOCK="$HOME/.goldwarden-ssh-agent.sock"
+ fi
+ '';
+
+ systemPackages = [
+ # for cli and polkit action
+ cfg.package
+ # binary exec's into pinentry which should match the DE
+ config.programs.gnupg.agent.pinentryPackage
+ ];
+ };
+
+ programs.firefox.nativeMessagingHosts.packages = [ cfg.package ];
+
+ # see https://github.com/quexten/goldwarden/blob/main/cmd/goldwarden.service
+ systemd.user.services.goldwarden = {
+ description = "Goldwarden daemon";
+ wantedBy = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig.ExecStart = "${lib.getExe cfg.package} daemonize";
+ path = [ config.programs.gnupg.agent.pinentryPackage ];
+ unitConfig.ConditionUser = "!@system";
+ };
+ };
+}
|
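Review bot: The assertion guarding `useSshAgent` only rules out `programs.ssh.startAgent`, although its message says only one ssh-agent can be used at a time. Other modules can also export `SSH_AUTH_SOCK` (for example `programs.gnupg.agent.enableSSHSupport`), and because the `extraInit` snippet assigns the Goldwarden socket only when the variable is empty, which agent ends up serving keys would then presumably depend on init ordering rather than on the configuration. Consider widening the check, e.g. `assertion = cfg.useSshAgent -> !(config.programs.ssh.startAgent || config.programs.gnupg.agent.enableSSHSupport);`. Separately, `config.programs.gnupg.agent.pinentryPackage` is placed in `systemPackages` and in the service `path` without a null guard; if that option permits `null` (its declaration is not visible here), wrapping both uses in `lib.optional (... != null) ...` would avoid an evaluation failure and make the missing passphrase prompt an explicit configuration choice.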