mirror of
https://github.com/nix-community/home-manager
synced 2024-11-27 13:39:46 +01:00
gnome-keyring: add option to use security wrapper provided by nixos
parent
33e12c94c8
commit
65e421bf17
1 changed files with 13 additions and 1 deletions
|
@ -13,6 +13,14 @@ in {
|
||||||
services.gnome-keyring = {
|
services.gnome-keyring = {
|
||||||
enable = mkEnableOption "GNOME Keyring";
|
enable = mkEnableOption "GNOME Keyring";
|
||||||
|
|
||||||
|
useSecurityWrapper = mkEnableOption ''
|
||||||
|
using gnome-keyring-daemon wrapped by NixOS security wrapper
|
||||||
|
(i.e. {file}`/run/wrappers/bin/gnome-keyring-daemon`) with
|
||||||
|
`CAP_IPC_LOCK` to enhance memory security. This option will
|
||||||
|
only work on NixOS with system-wide
|
||||||
|
{option}`services.gnome.gnome-keyring.enable` option enabled
|
||||||
|
'';
|
||||||
|
|
||||||
components = mkOption {
|
components = mkOption {
|
||||||
type = types.listOf (types.enum [ "pkcs11" "secrets" "ssh" "gpg" ]);
|
type = types.listOf (types.enum [ "pkcs11" "secrets" "ssh" "gpg" ]);
|
||||||
default = [ ];
|
default = [ ];
|
||||||
|
@ -49,7 +57,11 @@ in {
|
||||||
args = concatStringsSep " " ([ "--start" "--foreground" ]
|
args = concatStringsSep " " ([ "--start" "--foreground" ]
|
||||||
++ optional (cfg.components != [ ])
|
++ optional (cfg.components != [ ])
|
||||||
("--components=" + concatStringsSep "," cfg.components));
|
("--components=" + concatStringsSep "," cfg.components));
|
||||||
in "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon ${args}";
|
executable = if cfg.useSecurityWrapper then
|
||||||
|
"/run/wrappers/bin/gnome-keyring-daemon"
|
||||||
|
else
|
||||||
|
"${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon";
|
||||||
|
in "${executable} ${args}";
|
||||||
Restart = "on-abort";
|
Restart = "on-abort";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
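Review bot: In the second hunk `executable` becomes the fixed path `/run/wrappers/bin/gnome-keyring-daemon` whenever `cfg.useSecurityWrapper` is set, and nothing visible checks that the wrapper exists, so on a host without the system-wide NixOS option the user service will fail at start-up rather than at evaluation time. Failing instead of falling back to the unwrapped binary is the safer behaviour, but the option text should say so, e.g. `If the wrapper is missing the service fails to start; it does not fall back to the unwrapped daemon.` The phrase "to enhance memory security" in the first hunk is vague; I would state the effect, e.g. `with CAP_IPC_LOCK so the daemon can lock memory that holds secrets and keep it out of swap`. The wrapped binary presumably comes from the system configuration rather than from `pkgs.gnome.gnome-keyring`, so the description could also mention that the daemon version may differ from the Home Manager package set. The enclosing service definition starts and ends outside the visible hunks.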