1
0
Fork 0
mirror of https://github.com/nix-community/home-manager synced 2024-11-23 11:39:46 +01:00

gpg-agent: add enableExtraSocket and verbose options.

This option enables a GPG Agent restricted socket (aka "extra-socket"), which
can be used to forward GPG Agent over SSH.

Additionally `verbose` option enables verbose output of an `gpg-agent.service`
unit for easier debugging.

See: https://wiki.gnupg.org/AgentForwarding
This commit is contained in:
Gleb Peregud 2018-03-11 22:46:41 +01:00 committed by Robert Helgesson
parent 567b21b1d6
commit 9bf9e7ac5c
No known key found for this signature in database
GPG key ID: C3DB11069E65DC86

View file

@ -48,6 +48,23 @@ in
''; '';
}; };
enableExtraSocket = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable extra socket of the GnuPG key agent (useful for GPG
Agent forwarding).
'';
};
verbose = mkOption {
type = types.bool;
default = false;
description = ''
Whether to produce verbose output.
'';
};
grabKeyboardAndMouse = mkOption { grabKeyboardAndMouse = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -115,7 +132,8 @@ in
}; };
Service = { Service = {
ExecStart = "${pkgs.gnupg}/bin/gpg-agent --supervised"; ExecStart = "${pkgs.gnupg}/bin/gpg-agent --supervised"
+ optionalString cfg.verbose " --verbose";
ExecReload = "${pkgs.gnupg}/bin/gpgconf --reload gpg-agent"; ExecReload = "${pkgs.gnupg}/bin/gpgconf --reload gpg-agent";
}; };
}; };
@ -159,5 +177,26 @@ in
}; };
}; };
}) })
(mkIf cfg.enableExtraSocket {
systemd.user.sockets.gpg-agent-extra = {
Unit = {
Description = "GnuPG cryptographic agent and passphrase cache (restricted)";
Documentation = "man:gpg-agent(1) man:ssh(1)";
};
Socket = {
ListenStream = "%t/gnupg/S.gpg-agent.extra";
FileDescriptorName = "extra";
Service = "gpg-agent.service";
SocketMode = "0600";
DirectoryMode = "0700";
};
Install = {
WantedBy = [ "sockets.target" ];
};
};
})
]); ]);
} }