From 8e1f40ad486637fe12492cea9cf70a5956743c7f Mon Sep 17 00:00:00 2001
From: Kirill Elagin
Date: Fri, 18 May 2018 23:14:43 +0300
Subject: [PATCH] gnupg: add gpg-agent service
Fixes #77.
---
 default.nix | 1 +
 modules/programs/gnupg.nix | 51 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 modules/programs/gnupg.nix
diff --git a/default.nix b/default.nix
index 16ba9be..f8a7f8d 100644
--- a/default.nix
+++ b/default.nix
@@ -59,6 +59,7 @@ let
 ./modules/services/skhd
 ./modules/programs/bash
 ./modules/programs/fish.nix
+ ./modules/programs/gnupg.nix
 ./modules/programs/man.nix
 ./modules/programs/info
 ./modules/programs/nix-index
diff --git a/modules/programs/gnupg.nix b/modules/programs/gnupg.nix
new file mode 100644
index 0000000..9a67ec8
--- /dev/null
+++ b/modules/programs/gnupg.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.programs.gnupg;
+
+in
+
+{
+ options.programs.gnupg = {
+ agent.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enables GnuPG agent for every user session.
+ '';
+ };
+
+ agent.enableSSHSupport = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK
+ environment variable correctly.
+ '';
+ };
+ };
+
+ config = mkIf cfg.agent.enable {
+ launchd.user.agents.gnupg-agent.serviceConfig = {
+ ProgramArguments = [
+ "${pkgs.gnupg}/bin/gpg-connect-agent" "/bye"
+ ];
+ RunAtLoad = cfg.agent.enableSSHSupport;
+ KeepAlive = true;
+ };
+
+ environment.extraInit = ''
+ # Bind gpg-agent to this TTY if gpg commands are used.
+ export GPG_TTY=$(tty)
+ '' + (optionalString cfg.agent.enableSSHSupport ''
+ # SSH agent protocol doesn't support changing TTYs, so bind the agent
+ # to every new TTY.
+ ${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
+
+ export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
+ '');
+ };
+}
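Review bot: `KeepAlive = true` in the `launchd.user.agents.gnupg-agent.serviceConfig` block asks launchd to restart the job whenever it exits, but `gpg-connect-agent /bye` returns as soon as the agent is up, so the job will likely be respawned in a loop and the `RunAtLoad` setting next to it loses its meaning. Restarting only on failure, `KeepAlive.SuccessfulExit = false;`, keeps the intent without the churn. In `environment.extraInit`, `SSH_AUTH_SOCK` is exported unconditionally, which replaces a socket already present in the session (a forwarded agent, for instance); guarding the export with `if [ -z "$SSH_AUTH_SOCK" ]; then … fi` leaves that choice to the user. `$(tty)` is also evaluated in shells without a terminal, where it yields the string `not a tty`, so `GPG_TTY` should be set only when `tty -s` succeeds or the limitation noted in a comment.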