From c023b0532a7c9761840aefc0e059b2e424fb1520 Mon Sep 17 00:00:00 2001
From: Roman Volosatovs <rvolosatovs@riseup.net>
Date: Sun, 24 Sep 2017 19:39:41 +0200
Subject: [PATCH] gpg-agent: add missing options

---
 modules/services/gpg-agent.nix | 48 +++++++++++++++++++++++++++++++---
 1 file changed, 44 insertions(+), 4 deletions(-)

diff --git a/modules/services/gpg-agent.nix b/modules/services/gpg-agent.nix
index 9f4a9b541..b2122219a 100644
--- a/modules/services/gpg-agent.nix
+++ b/modules/services/gpg-agent.nix
@@ -25,14 +25,48 @@ in
         type = types.nullOr types.int;
         default = null;
         description = ''
-          Set the time a cache entry is valid to the given number of seconds.
+          Set the time a cache entry is valid to the given number of
+          seconds.
+        '';
+      };
+
+      defaultCacheTtlSsh = mkOption {
+        type = types.nullOr types.int;
+        default = null;
+        description = ''
+          Set the time a cache entry used for SSH keys is valid to the
+          given number of seconds.
         '';
       };
 
       enableSshSupport = mkOption {
         type = types.bool;
         default = false;
-        description = "Whether to use the GnuPG key agent for SSH keys.";
+        description = ''
+          Whether to use the GnuPG key agent for SSH keys.
+        '';
+      };
+
+      grabKeyboardAndMouse = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Tell the pinentry to grab the keyboard and mouse. This
+          option should in general be used to avoid X-sniffing
+          attacks. When disabled, this option passes
+          <option>no-grab</option> setting to gpg-agent.
+        '';
+      };
+
+      enableScDaemon = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Make use of the scdaemon tool. This option has the effect of
+          enabling the ability to do smartcard operations. When
+          disabled, this option passes
+          <option>disable-scdaemon</option> setting to gpg-agent.
+        '';
       };
     };
   };
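Review bot: `defaultCacheTtlSsh` is typed `types.nullOr types.int`, like the existing `defaultCacheTtl` it mirrors, so a negative value is accepted and the second hunk writes it verbatim into gpg-agent.conf. A non-negative type such as `types.nullOr types.ints.unsigned`, if the nixpkgs revision in use provides it, would reject that at evaluation time. The description should also say that gpg-agent restarts the timer each time the cached key is used, so this is an idle timeout rather than a maximum lifetime, for example `When null, gpg-agent's built-in default applies; the timer restarts on every use of the key.` The upper bound is gpg-agent's `max-cache-ttl-ssh`, which is not among the options visible in this hunk. The enclosing options set begins outside the hunk.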
@@ -40,11 +74,17 @@ in
   config = mkIf cfg.enable (mkMerge [
     {
       home.file.".gnupg/gpg-agent.conf".text = concatStringsSep "\n" (
-        optional cfg.enableSshSupport
-          "enable-ssh-support"
+        optional (cfg.enableSshSupport) "enable-ssh-support"
+        ++
+        optional (!cfg.grabKeyboardAndMouse) "no-grab"
+        ++
+        optional (!cfg.enableScDaemon) "disable-scdaemon"
         ++
         optional (cfg.defaultCacheTtl != null)
           "default-cache-ttl ${toString cfg.defaultCacheTtl}"
+        ++
+        optional (cfg.defaultCacheTtlSsh != null)
+          "default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}"
       );
 
       home.sessionVariables =
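Review bot: The parentheses in `optional (cfg.enableSshSupport) "enable-ssh-support"` are redundant because the argument is a plain attribute selection; `optional cfg.enableSshSupport "enable-ssh-support"` leaves parentheses only on the lines that need them (`!cfg…`, `!= null`). A short comment above the `no-grab` line, such as `# Emitted only on opt-out; see the grabKeyboardAndMouse description for the X-sniffing trade-off.`, would keep the security trade-off visible where the file is generated. The `mkMerge` list continues outside the hunk.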