From 1e6e97836c5281b18929e43877025ff78b689e76 Mon Sep 17 00:00:00 2001
From: Profpatsch
Date: Thu, 25 Mar 2021 15:45:41 +0100
Subject: modules/programs/gnupg: allow extraConfig for gpg-agent.conf
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since we pass the config, the home directory config isn’t picked up anymore, so I need to pass it via `extraConfig`.
---
 machines/profpatsch/shiki.nix | 7 +++++++
 modules/programs/gnupg/default.nix | 16 ++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/machines/profpatsch/shiki.nix b/machines/profpatsch/shiki.nix
index 1ee8702d..2fc801fc 100644
--- a/machines/profpatsch/shiki.nix
+++ b/machines/profpatsch/shiki.nix
@@ -355,6 +355,13 @@ in {
 agent = {
 enable = true;
 sshSupport = true;
+ # I only want to unlock it once per session
+ extraConfig = ''
+ default-cache-ttl 34560000
+ default-cache-ttl-ssh 34560000
+ max-cache-ttl 34560000
+ max-cache-ttl-ssh 34560000
+ '';
 };
 };
diff --git a/modules/programs/gnupg/default.nix b/modules/programs/gnupg/default.nix
index e474289c..8aacfe03 100644
--- a/modules/programs/gnupg/default.nix
+++ b/modules/programs/gnupg/default.nix
@@ -76,6 +76,18 @@ in {
 agent = {
 enable = lib.mkEnableOption "support for the GnuPG agent";
+ extraConfig = lib.mkOption {
+ type = types.str;
+ default = "";
+ example = lib.literalExample ''
+ default-cache-ttl 34560000
+ default-cache-ttl-ssh 34560000
+ max-cache-ttl 34560000
+ max-cache-ttl-ssh 34560000
+ '';
+ description = "The content of gpg-agent.conf";
+ };
+
 pinentry.program = mkOption {
 type = types.path;
 default = "${pkgs.pinentry_gtk2}/bin/pinentry";
@@ -118,6 +130,7 @@ in {
 serviceConfig.ExecStart = let configFile = pkgs.writeText "gpg-agent.conf" ''
+ # module-defined config
 pinentry-program ${pinentryWrapper}
 ${if cfg.agent.scdaemon.enable
 then "scdaemon-program ${scdaemonRedirector}"
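Review bot: In the machines/profpatsch/shiki.nix hunk, the four TTL values of 34560000 seconds are roughly 400 days, so with `sshSupport = true` an unlocked GPG or SSH key stays usable through the agent socket for as long as the agent process lives, not only until the screen locks. The comment `# I only want to unlock it once per session` should say so, e.g. `# ~400 days: keys stay cached until gpg-agent exits; anything that can reach the agent socket can use them`. If that exposure is not wanted, the cache can be dropped on lock or suspend with `gpg-connect-agent reloadagent /bye`. The same values are reused as the option example in the modules/programs/gnupg/default.nix hunk, where a shorter illustrative TTL would avoid presenting this as the recommended setting.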
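Review bot: The `description = "The content of gpg-agent.conf";` on the new `extraConfig` option in modules/programs/gnupg/default.nix is inaccurate, because the `serviceConfig.ExecStart` hunks show the value being appended after the module's own `pinentry-program`, `scdaemon-program` and `enable-ssh-support` lines rather than replacing the file. I would write `description = "Extra lines appended verbatim to the generated gpg-agent.conf, after the module-defined options.";`. `type = types.str;` also rejects definitions that come from more than one module, whereas `type = types.lines;` would concatenate them, which is the usual choice for extra-config options. The enclosing `agent = {` option set starts and ends outside this hunk.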
@@ -126,6 +139,9 @@ in {
 then "supervised"
 else "no-detach\ndaemon"}
 ${lib.optionalString cfg.agent.sshSupport "enable-ssh-support"}
+
+ # module user config
+ ${cfg.agent.extraConfig}
 '';
 in "${cfg.package}/bin/gpg-agent --options ${configFile}";
-- 
cgit 1.4.1
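Review bot: `${cfg.agent.extraConfig}` is spliced in after the module-defined options with no check, so a user line that repeats `pinentry-program`, `scdaemon-program` or `enable-ssh-support` ends up in the file twice and the module may no longer decide which pinentry or scdaemon wrapper the agent runs; how gpg-agent resolves the duplicate is not visible here. The added header could carry that warning, e.g. `# module user config (appended verbatim; do not repeat options set above)`. The file is built with `pkgs.writeText`, so it lands in the Nix store, which is readable by every local user, and the option description should say not to put anything sensitive in it. The `let configFile = …` block begins in the previous hunk, and the `serviceConfig.ExecStart` binding ends outside this one.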