Diffstat (limited to 'modules')
-rw-r--r-- | modules/module-list.nix | 2 | ||||
-rw-r--r-- | modules/programs/gnupg/agent-wrapper.c (renamed from modules/programs/gpg-agent/agent-wrapper.c) | 0 | ||||
-rw-r--r-- | modules/programs/gnupg/default.nix (renamed from modules/programs/gpg-agent/default.nix) | 69 | ||||
-rw-r--r-- | modules/programs/gnupg/pinentry-wrapper.c (renamed from modules/programs/gpg-agent/pinentry-wrapper.c) | 0 | ||||
-rw-r--r-- | modules/user/aszlig/profiles/workstation/default.nix | 5 |
5 files changed, 43 insertions, 33 deletions
diff --git a/modules/module-list.nix b/modules/module-list.nix
index 7a489c55..13692497 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -5,7 +5,7 @@ ./hardware/thinkpad.nix ./profiles/common.nix ./profiles/tests.nix - ./programs/gpg-agent + ./programs/gnupg ./services/multipath-vpn.nix ./services/postfix ./services/starbound.nix
diff --git a/modules/programs/gpg-agent/agent-wrapper.c b/modules/programs/gnupg/agent-wrapper.c
index 86e44c1a..86e44c1a 100644
--- a/modules/programs/gpg-agent/agent-wrapper.c
+++ b/modules/programs/gnupg/agent-wrapper.c
diff --git a/modules/programs/gpg-agent/default.nix b/modules/programs/gnupg/default.nix
index 139813d0..c6034f11 100644
--- a/modules/programs/gpg-agent/default.nix
+++ b/modules/programs/gnupg/default.nix
@@ -3,10 +3,10 @@ with lib; let - cfg = config.vuizvui.programs.gpg-agent; + cfg = config.vuizvui.programs.gnupg; pinentryWrapper = pkgs.runCommand "pinentry-wrapper" { - pinentryProgram = cfg.pinentry.program; + pinentryProgram = cfg.agent.pinentry.program; } '' cc -Wall -std=gnu11 -DPINENTRY_PROGRAM=\"$pinentryProgram\" \ "${./pinentry-wrapper.c}" -o "$out"
@@ -37,8 +37,8 @@ let }; in { - options.vuizvui.programs.gpg-agent = { - enable = mkEnableOption "support for GnuPG agent"; + options.vuizvui.programs.gnupg = { + enable = mkEnableOption "support for GnuPG"; homeDir = mkOption { type = types.addCheck types.str (d: builtins.substring 0 1 d != "/");
@@ -54,39 +54,48 @@ in { default = pkgs.gnupg; defaultText = "pkgs.gnupg"; example = literalExample "pkgs.gnupg21"; - description = "The GnuPG package to use for running the agent."; + description = '' + The GnuPG package to use for running the agent and make available in + <option>environment.systemPackages</option>. + ''; }; - pinentry.program = mkOption { - type = types.path; - default = "${pkgs.pinentry}/bin/pinentry"; - defaultText = "\${pkgs.pinentry}/bin/pinentry"; - example = literalExample "\${pkgs.pinentry_qt5}/bin/pinentry"; - description = "The pinentry program to use to ask for passphrases."; - }; + agent = { + enable = mkEnableOption "support for the GnuPG agent"; + + pinentry.program = mkOption { + type = types.path; + default = "${pkgs.pinentry}/bin/pinentry"; + defaultText = "\${pkgs.pinentry}/bin/pinentry"; + example = literalExample "\${pkgs.pinentry_qt5}/bin/pinentry"; + description = "The pinentry program to use to ask for passphrases."; + }; - sshSupport = mkEnableOption "GnuPG agent support for SSH"; + sshSupport = mkEnableOption "GnuPG agent support for SSH"; - scdaemon = { - enable = mkEnableOption "GnuPG agent with Smartcard daemon"; + scdaemon = { + enable = mkEnableOption "GnuPG agent with Smartcard daemon"; - program = mkOption { - type = types.path; - default = "${cfg.package}/libexec/scdaemon"; - defaultText = let - configPath = "config.vuizvui.programs.gpg-agent"; - in "\${${configPath}.package}/libexec/scdaemon"; - example = literalExample "\${pkgs.my_shiny_scdaemon}/bin/scdaemon"; - description = "The program to use for the Smartcard daemon"; + program = mkOption { + type = types.path; + default = "${cfg.package}/libexec/scdaemon"; + defaultText = let + configPath = "config.vuizvui.programs.gnupg"; + in "\${${configPath}.package}/libexec/scdaemon"; + example = literalExample "\${pkgs.my_shiny_scdaemon}/bin/scdaemon"; + description = "The program to use for the Smartcard daemon"; + }; }; }; }; config = mkMerge [ (mkIf cfg.enable { - 
vuizvui.requiresTests = singleton ["vuizvui" "programs" "gpg-agent"]; + vuizvui.requiresTests = singleton ["vuizvui" "programs" "gnupg"]; environment.systemPackages = [ cfg.package ]; - + environment.variables.GNUPGHOME = "~/${cfg.homeDir}"; + }) + (mkIf (cfg.enable && cfg.agent.enable) { systemd.user.services.gpg-agent = { description = "GnuPG Agent"; environment.LD_PRELOAD = agentWrapper;
@@ -95,12 +104,12 @@ in { serviceConfig.ExecStart = toString ([ "${cfg.package}/bin/gpg-agent" "--pinentry-program=${pinentryWrapper}" - (if cfg.scdaemon.enable + (if cfg.agent.scdaemon.enable then "--scdaemon-program=${scdaemonRedirector}" else "--disable-scdaemon") "--no-detach" "--daemon" - ] ++ optional cfg.sshSupport "--enable-ssh-support"); + ] ++ optional cfg.agent.sshSupport "--enable-ssh-support"); serviceConfig.ExecReload = toString [ "${cfg.package}/bin/gpg-connect-agent"
@@ -116,7 +125,7 @@ in { socketConfig = agentSocketConfig "main"; }; }) - (mkIf (cfg.enable && cfg.scdaemon.enable) { + (mkIf (cfg.enable && cfg.agent.enable && cfg.agent.scdaemon.enable) { systemd.user.sockets.gnupg-scdaemon = { wantedBy = [ "sockets.target" ]; description = "GnuPG Smartcard Daemon Socket";
@@ -134,13 +143,13 @@ in { environment.GNUPGHOME = "~/${cfg.homeDir}"; serviceConfig.ExecStart = toString [ - "${cfg.scdaemon.program}" + "${cfg.agent.scdaemon.program}" "--no-detach" "--daemon" ]; }; }) - (mkIf (cfg.enable && cfg.sshSupport) { + (mkIf (cfg.enable && cfg.agent.enable && cfg.agent.sshSupport) { environment.variables.SSH_AUTH_SOCK = "$HOME/${cfg.homeDir}/S.gpg-agent.ssh";
diff --git a/modules/programs/gpg-agent/pinentry-wrapper.c b/modules/programs/gnupg/pinentry-wrapper.c
index 12710760..12710760 100644
--- a/modules/programs/gpg-agent/pinentry-wrapper.c
+++ b/modules/programs/gnupg/pinentry-wrapper.c
diff --git a/modules/user/aszlig/profiles/workstation/default.nix b/modules/user/aszlig/profiles/workstation/default.nix
index a2b01b35..9a5ef384 100644
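Review bot: The added `environment.variables.GNUPGHOME = "~/${cfg.homeDir}";` in the `@@ -54,39 +54,48 @@` hunk exports a value with a literal leading tilde to every session, so it only works if each consumer expands `~` itself. As far as I know NixOS emits `environment.variables` as double-quoted shell exports, where the shell does no tilde expansion; gpg appears to handle a leading `~/` on its own, but other programs that read GNUPGHOME may not and could then look for, or create, key material under a directory literally named `~` relative to their working directory. The SSH_AUTH_SOCK setting further down in this file already uses `$HOME/`, so I would write `environment.variables.GNUPGHOME = "$HOME/${cfg.homeDir}";` here to match it. Separately, `enable` alone no longer starts the agent after this change, which is worth stating in the `agent.enable` description so that a configuration migrated by renaming the option does not silently lose the agent and its SSH socket.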
--- a/modules/user/aszlig/profiles/workstation/default.nix
+++ b/modules/user/aszlig/profiles/workstation/default.nix
@@ -102,8 +102,9 @@ in { }; }; - vuizvui.programs.gpg-agent.enable = true; - vuizvui.programs.gpg-agent.sshSupport = true; + vuizvui.programs.gnupg.enable = true; + vuizvui.programs.gnupg.agent.enable = true; + vuizvui.programs.gnupg.agent.sshSupport = true; services = { openssh = { |