-rw-r--r--machines/profpatsch/shiki.nix7
-rw-r--r--modules/programs/gnupg/default.nix16
2 files changed, 23 insertions, 0 deletions
diff --git a/machines/profpatsch/shiki.nix b/machines/profpatsch/shiki.nix
index 1ee8702d..2fc801fc 100644
--- a/machines/profpatsch/shiki.nix
+++ b/machines/profpatsch/shiki.nix
@@ -355,6 +355,13 @@ in {
       agent = {
         enable = true;
         sshSupport = true;
+        # I only want to unlock it once per session
+        extraConfig = ''
+          default-cache-ttl 34560000
+          default-cache-ttl-ssh 34560000
+          max-cache-ttl 34560000
+          max-cache-ttl-ssh 34560000
+        '';
       };
     };
 
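Review bot: The four TTLs added under `extraConfig` are 34560000 seconds (400 days), so cached passphrases effectively never expire while the agent runs, and with `sshSupport = true` that also covers SSH keys. Nothing in this hunk ties the cache to a login session, so the keys presumably stay usable through screen lock and suspend by anything that can reach the agent socket. I would state that trade-off in the comment, e.g. `# cache for 400 days, i.e. until the agent restarts; keys stay unlocked across screen lock/suspend`. Consider also clearing the cache from the lock or suspend hook with `gpg-connect-agent reloadagent /bye`. The enclosing attribute set starts and ends outside the hunk.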
diff --git a/modules/programs/gnupg/default.nix b/modules/programs/gnupg/default.nix
index e474289c..8aacfe03 100644
--- a/modules/programs/gnupg/default.nix
+++ b/modules/programs/gnupg/default.nix
@@ -76,6 +76,18 @@ in {
     agent = {
       enable = lib.mkEnableOption "support for the GnuPG agent";
 
+      extraConfig = lib.mkOption {
+        type = types.str;
+        default = "";
+        example = lib.literalExample ''
+          default-cache-ttl 34560000
+          default-cache-ttl-ssh 34560000
+          max-cache-ttl 34560000
+          max-cache-ttl-ssh 34560000
+        '';
+        description = "The content of gpg-agent.conf";
+      };
+
       pinentry.program = mkOption {
         type = types.path;
         default = "${pkgs.pinentry_gtk2}/bin/pinentry";
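Review bot: The new `extraConfig` option uses `types.str`, which refuses to merge more than one definition, so two modules that each contribute agent settings would fail evaluation; `type = types.lines;` concatenates them instead. The description `"The content of gpg-agent.conf"` is also misleading, because the later ExecStart hunk appends the value after the module-generated settings rather than using it as the whole file. I would write `description = "Extra lines appended verbatim to the generated gpg-agent.conf (written to the Nix store, so readable by all local users).";`. The example shows 400-day cache TTLs, which readers are likely to copy as-is; a shorter value or a line noting that this keeps keys unlocked until the agent restarts would be a safer illustration. The `pinentry.program` option after it continues outside the hunk.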
@@ -118,6 +130,7 @@ in {
 
         serviceConfig.ExecStart = let
           configFile = pkgs.writeText "gpg-agent.conf" ''
+            # module-defined config
             pinentry-program ${pinentryWrapper}
             ${if cfg.agent.scdaemon.enable
               then "scdaemon-program ${scdaemonRedirector}"
@@ -126,6 +139,9 @@ in {
               then "supervised"
               else "no-detach\ndaemon"}
             ${lib.optionalString cfg.agent.sshSupport "enable-ssh-support"}
+
+            # module user config
+            ${cfg.agent.extraConfig}
           '';
         in "${cfg.package}/bin/gpg-agent --options ${configFile}";