From 1eb0549a1ab3fe3f5acf86668249be15fa0e64f7 Mon Sep 17 00:00:00 2001 From: Austin Horstman Date: Tue, 24 Mar 2026 09:49:14 -0500 Subject: [PATCH] password-store: silence settings default warning Use the deferred state-version helper mode for programs.password-store.settings so explicit empty and explicit legacy values silence the warning correctly, while partial legacy-era settings still inherit PASSWORD_STORE_DIR until the user resolves the migration. Add integration coverage for password-store and pass-secret-service to verify legacy, explicit empty, explicit legacy, and partial-settings behavior. Signed-off-by: Austin Horstman --- modules/programs/password-store.nix | 63 +++++++++++-------- .../programs/password-store/default.nix | 3 + .../old-default-explicit-empty-settings.nix | 12 ++++ .../old-default-explicit-legacy-path.nix | 15 +++++ .../old-default-partial-settings.nix | 15 +++++ .../password-store/old-default-path.nix | 11 ++++ .../services/pass-secret-service/default.nix | 3 + .../old-default-empty-settings.nix | 19 ++++++ .../old-default-explicit-legacy-path.nix | 21 +++++++ .../old-default-partial-settings.nix | 19 ++++++ .../pass-secret-service/old-default-path.nix | 11 ++++ 11 files changed, 165 insertions(+), 27 deletions(-) create mode 100644 tests/modules/programs/password-store/old-default-explicit-empty-settings.nix create mode 100644 tests/modules/programs/password-store/old-default-explicit-legacy-path.nix create mode 100644 tests/modules/programs/password-store/old-default-partial-settings.nix create mode 100644 tests/modules/services/pass-secret-service/old-default-empty-settings.nix create mode 100644 tests/modules/services/pass-secret-service/old-default-explicit-legacy-path.nix create mode 100644 tests/modules/services/pass-secret-service/old-default-partial-settings.nix diff --git a/modules/programs/password-store.nix b/modules/programs/password-store.nix index ba93522e..33dc8453 100644 --- a/modules/programs/password-store.nix +++ b/modules/programs/password-store.nix @@ -1,6 +1,7 @@ { config, lib, + options, pkgs, ... }: @@ -9,6 +10,28 @@ let cfg = config.programs.password-store; + settingsStateVersion = lib.hm.deprecations.mkStateVersionOptionDefault { + inherit (config.home) stateVersion; + inherit config options; + since = "25.11"; + optionPath = [ + "programs" + "password-store" + "settings" + ]; + legacy = { + value = { + PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store"; + }; + text = ''{ PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }''; + }; + current.value = { }; + deferWarningToConfig = true; + }; + + legacyCompatibleSettings = + lib.optionalAttrs settingsStateVersion.shouldWarn settingsStateVersion.effectiveDefault + // cfg.settings; in { meta.maintainers = with lib.maintainers; [ euxane ]; @@ -21,29 +44,9 @@ in extraDescription = "Can be used to specify extensions."; }; - settings = mkOption rec { + settings = mkOption { type = with types; attrsOf str; - apply = lib.mergeAttrs default; - inherit - (lib.hm.deprecations.mkStateVersionOptionDefault { - inherit (config.home) stateVersion; - since = "25.11"; - optionPath = [ - "programs" - "password-store" - "settings" - ]; - legacy = { - value = { - PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store"; - }; - text = ''{ PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }''; - }; - current.value = { }; - }) - default - defaultText - ; + inherit (settingsStateVersion) default defaultText; example = literalExpression '' { PASSWORD_STORE_DIR = "$\{config.xdg.dataHome\}/password-store"; @@ -63,15 +66,21 @@ in }; config = lib.mkIf cfg.enable { - home.packages = [ cfg.package ]; - home.sessionVariables = cfg.settings; + warnings = lib.optional settingsStateVersion.shouldWarn settingsStateVersion.warning; - services.pass-secret-service = lib.mkIf (builtins.hasAttr "PASSWORD_STORE_DIR" cfg.settings) { - storePath = cfg.settings.PASSWORD_STORE_DIR; + home = { + packages = [ cfg.package ]; + sessionVariables = legacyCompatibleSettings; }; + services.pass-secret-service = + lib.mkIf (builtins.hasAttr "PASSWORD_STORE_DIR" legacyCompatibleSettings) + { + storePath = legacyCompatibleSettings.PASSWORD_STORE_DIR; + }; + xsession.importedVariables = lib.mkIf config.xsession.enable ( - lib.mapAttrsToList (name: value: name) cfg.settings + lib.mapAttrsToList (name: _value: name) legacyCompatibleSettings ); }; } diff --git a/tests/modules/programs/password-store/default.nix b/tests/modules/programs/password-store/default.nix index 9520fea0..ec678843 100644 --- a/tests/modules/programs/password-store/default.nix +++ b/tests/modules/programs/password-store/default.nix @@ -1,5 +1,8 @@ { password-store-default-path = ./default-path.nix; password-store-old-default-path = ./old-default-path.nix; + password-store-old-default-explicit-empty-settings = ./old-default-explicit-empty-settings.nix; + password-store-old-default-explicit-legacy-path = ./old-default-explicit-legacy-path.nix; + password-store-old-default-partial-settings = ./old-default-partial-settings.nix; password-store-nondefault-path = ./nondefault-path.nix; } diff --git a/tests/modules/programs/password-store/old-default-explicit-empty-settings.nix b/tests/modules/programs/password-store/old-default-explicit-empty-settings.nix new file mode 100644 index 00000000..a05207d7 --- /dev/null +++ b/tests/modules/programs/password-store/old-default-explicit-empty-settings.nix @@ -0,0 +1,12 @@ +{ + home.stateVersion = "25.05"; # <= 25.11 + programs.password-store = { + enable = true; + settings = { }; + }; + + nmt.script = '' + assertFileNotRegex home-path/etc/profile.d/hm-session-vars.sh \ + '^export PASSWORD_STORE_DIR=' + ''; +} diff --git a/tests/modules/programs/password-store/old-default-explicit-legacy-path.nix b/tests/modules/programs/password-store/old-default-explicit-legacy-path.nix new file mode 100644 index 00000000..9ef39a25 --- /dev/null +++ b/tests/modules/programs/password-store/old-default-explicit-legacy-path.nix @@ -0,0 +1,15 @@ +{ config, ... }: +{ + home.stateVersion = "25.05"; # <= 25.11 + programs.password-store = { + enable = true; + settings = { + PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store"; + }; + }; + + nmt.script = '' + assertFileContains home-path/etc/profile.d/hm-session-vars.sh \ + 'export PASSWORD_STORE_DIR="${config.xdg.dataHome}/password-store"' + ''; +} diff --git a/tests/modules/programs/password-store/old-default-partial-settings.nix b/tests/modules/programs/password-store/old-default-partial-settings.nix new file mode 100644 index 00000000..cbea78d0 --- /dev/null +++ b/tests/modules/programs/password-store/old-default-partial-settings.nix @@ -0,0 +1,15 @@ +{ config, ... }: +{ + home.stateVersion = "25.05"; # <= 25.11 + programs.password-store = { + enable = true; + settings.PASSWORD_STORE_KEY = "12345678"; + }; + + nmt.script = '' + assertFileNotRegex home-path/etc/profile.d/hm-session-vars.sh \ + '^export PASSWORD_STORE_DIR=' + assertFileContains home-path/etc/profile.d/hm-session-vars.sh \ + 'export PASSWORD_STORE_KEY="12345678"' + ''; +} diff --git a/tests/modules/programs/password-store/old-default-path.nix b/tests/modules/programs/password-store/old-default-path.nix index 08b2c8a3..ae08f5be 100644 --- a/tests/modules/programs/password-store/old-default-path.nix +++ b/tests/modules/programs/password-store/old-default-path.nix @@ -3,6 +3,17 @@ home.stateVersion = "25.05"; # <= 25.11 programs.password-store.enable = true; + test.asserts.warnings.expected = [ + '' + The default value of `programs.password-store.settings` has changed from `{ PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }` to `{ }`. + You are currently using the legacy default (`{ PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }`) because `home.stateVersion` is less than "25.11". + To silence this warning and keep legacy behavior, set: + programs.password-store.settings = { PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }; + To adopt the new default behavior, set: + programs.password-store.settings = { }; + '' + ]; + nmt.script = '' assertFileContains home-path/etc/profile.d/hm-session-vars.sh \ 'export PASSWORD_STORE_DIR="${config.xdg.dataHome}/password-store"' diff --git a/tests/modules/services/pass-secret-service/default.nix b/tests/modules/services/pass-secret-service/default.nix index 50f6720d..1a8e683a 100644 --- a/tests/modules/services/pass-secret-service/default.nix +++ b/tests/modules/services/pass-secret-service/default.nix @@ -3,6 +3,9 @@ lib.optionalAttrs pkgs.stdenv.hostPlatform.isLinux { pass-secret-service-default-configuration = ./default-configuration.nix; pass-secret-service-old-default-path = ./old-default-path.nix; + pass-secret-service-old-default-empty-settings = ./old-default-empty-settings.nix; + pass-secret-service-old-default-explicit-legacy-path = ./old-default-explicit-legacy-path.nix; + pass-secret-service-old-default-partial-settings = ./old-default-partial-settings.nix; pass-secret-service-nondefault-path = ./nondefault-path.nix; pass-secret-service-basic-configuration = ./basic-configuration.nix; } diff --git a/tests/modules/services/pass-secret-service/old-default-empty-settings.nix b/tests/modules/services/pass-secret-service/old-default-empty-settings.nix new file mode 100644 index 00000000..eeba2c8a --- /dev/null +++ b/tests/modules/services/pass-secret-service/old-default-empty-settings.nix @@ -0,0 +1,19 @@ +{ config, ... }: +{ + home.stateVersion = "25.05"; # <= 25.11 + programs.password-store = { + enable = true; + settings = { }; + }; + services.pass-secret-service = { + enable = true; + package = config.lib.test.mkStubPackage { }; + }; + + nmt.script = '' + serviceFile=home-files/.config/systemd/user/pass-secret-service.service + + assertFileExists $serviceFile + assertFileNotRegex $serviceFile '--path ' + ''; +} diff --git a/tests/modules/services/pass-secret-service/old-default-explicit-legacy-path.nix b/tests/modules/services/pass-secret-service/old-default-explicit-legacy-path.nix new file mode 100644 index 00000000..3e625042 --- /dev/null +++ b/tests/modules/services/pass-secret-service/old-default-explicit-legacy-path.nix @@ -0,0 +1,21 @@ +{ config, ... }: +{ + home.stateVersion = "25.05"; # <= 25.11 + programs.password-store = { + enable = true; + settings = { + PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store"; + }; + }; + services.pass-secret-service = { + enable = true; + package = config.lib.test.mkStubPackage { }; + }; + + nmt.script = '' + serviceFile=home-files/.config/systemd/user/pass-secret-service.service + + assertFileExists $serviceFile + assertFileRegex $serviceFile '^ExecStart=.*/bin/pass_secret_service --path ${config.xdg.dataHome}/password-store$' + ''; +} diff --git a/tests/modules/services/pass-secret-service/old-default-partial-settings.nix b/tests/modules/services/pass-secret-service/old-default-partial-settings.nix new file mode 100644 index 00000000..b1d300bc --- /dev/null +++ b/tests/modules/services/pass-secret-service/old-default-partial-settings.nix @@ -0,0 +1,19 @@ +{ config, ... }: +{ + home.stateVersion = "25.05"; # <= 25.11 + programs.password-store = { + enable = true; + settings.PASSWORD_STORE_KEY = "12345678"; + }; + services.pass-secret-service = { + enable = true; + package = config.lib.test.mkStubPackage { }; + }; + + nmt.script = '' + serviceFile=home-files/.config/systemd/user/pass-secret-service.service + + assertFileExists $serviceFile + assertFileNotRegex $serviceFile '--path ' + ''; +} diff --git a/tests/modules/services/pass-secret-service/old-default-path.nix b/tests/modules/services/pass-secret-service/old-default-path.nix index d65a7597..b0d1ab6b 100644 --- a/tests/modules/services/pass-secret-service/old-default-path.nix +++ b/tests/modules/services/pass-secret-service/old-default-path.nix @@ -8,6 +8,17 @@ package = config.lib.test.mkStubPackage { }; }; + test.asserts.warnings.expected = [ + '' + The default value of `programs.password-store.settings` has changed from `{ PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }` to `{ }`. + You are currently using the legacy default (`{ PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }`) because `home.stateVersion` is less than "25.11". + To silence this warning and keep legacy behavior, set: + programs.password-store.settings = { PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }; + To adopt the new default behavior, set: + programs.password-store.settings = { }; + '' + ]; + nmt.script = '' serviceFile=home-files/.config/systemd/user/pass-secret-service.service