diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 37951ce90..80ba8c486 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -489,7 +489,8 @@ Makefile @thiagokokada
/modules/services/parcellite.nix @gleber
-/modules/services/pass-secret-service.nix @cab404
+/modules/services/pass-secret-service.nix @cab404 @cyntheticfox
+/tests/modules/services/pass-secret-service.nix @cyntheticfox
/modules/services/password-store-sync.nix @pacien
diff --git a/modules/services/gnome-keyring.nix b/modules/services/gnome-keyring.nix
index 7267129d7..597e97675 100644
--- a/modules/services/gnome-keyring.nix
+++ b/modules/services/gnome-keyring.nix
@@ -28,6 +28,14 @@ in {
assertions = [
(lib.hm.assertions.assertPlatform "services.gnome-keyring" pkgs
lib.platforms.linux)
+ {
+ assertion = !config.services.pass-secret-store.enable;
+ message = ''
+ Only one secrets service per user can be enabled at a time.
+ Other services enabled:
+ - pass-secret-store
+ '';
+ }
];
systemd.user.services.gnome-keyring = {
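Review bot: The added assertion reads `config.services.pass-secret-store.enable`, but the module it is meant to exclude is declared as `services.pass-secret-service` (the other file in this commit has `cfg = config.services.pass-secret-service`). Unless an option named `pass-secret-store` is defined elsewhere, this lookup will most likely fail evaluation for every configuration that enables gnome-keyring, instead of producing the intended message. Change the line to `assertion = !config.services.pass-secret-service.enable;` and the list entry in the message to `- pass-secret-service`. The reverse check in pass-secret-service.nix already uses the correct `services.gnome-keyring` name, so a test that enables both modules would cover both directions.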
diff --git a/modules/services/pass-secret-service.nix b/modules/services/pass-secret-service.nix
index 53e4c1081..91e5cd017 100644
--- a/modules/services/pass-secret-service.nix
+++ b/modules/services/pass-secret-service.nix
@@ -5,8 +5,7 @@ with lib;
let
cfg = config.services.pass-secret-service;
- serviceArgs =
- optionalString (cfg.storePath != null) "--path ${cfg.storePath}";
+ busName = "org.freedesktop.secrets";
in {
meta.maintainers = with maintainers; [ cab404 cyntheticfox ];
@@ -18,9 +17,14 @@ in {
storePath = mkOption {
type = with types; nullOr str;
default = null;
- defaultText = "~/.password-store";
+ defaultText = "$HOME/.password-store";
example = "/home/user/.local/share/password-store";
- description = "Absolute path to password store.";
+ description = ''
+ Absolute path to password store. Defaults to
+ $HOME/.password-store if the
+ module is not enabled, and
+ if it is.
+ '';
};
};
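Review bot: The new description promises a default that depends on another module, but nothing in this diff sets it. `default` stays `null`, and the service only passes `--path` when `storePath` is non-null, so in the null case the binary itself decides where the store lives. If the wiring is done in another module, name that option explicitly in the description. As shown on this page the last clause, "and if it is.", names no value, which may be markup lost in rendering. The text also says "Absolute path" while the type is `nullOr str`, so a relative value is accepted silently; a short comment or an assertion on a leading `/` would make the contract match the documentation.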
@@ -28,21 +32,38 @@ in {
assertions = [
(hm.assertions.assertPlatform "services.pass-secret-service" pkgs
platforms.linux)
+ {
+ assertion = !config.services.gnome-keyring.enable;
+ message = ''
+ Only one secrets service per user can be enabled at a time.
+ Other services enabled:
+ - gnome-keyring
+ '';
+ }
];
- systemd.user.services.pass-secret-service = {
- Unit = {
- AssertFileIsExecutable = "${cfg.package}/bin/pass_secret_service";
- Description = "Pass libsecret service";
- Documentation = "https://github.com/mdellweg/pass_secret_service";
- PartOf = [ "default.target" ];
+ systemd.user.services.pass-secret-service =
+ let binPath = "${cfg.package}/bin/pass_secret_service";
+ in {
+ Unit = {
+ AssertFileIsExecutable = "${binPath}";
+ Description = "Pass libsecret service";
+ Documentation = "https://github.com/mdellweg/pass_secret_service";
+ PartOf = [ "default.target" ];
+ };
+
+ Service = {
+ Type = "dbus";
+ ExecStart = "${binPath} ${
+ optionalString (cfg.storePath != null) "--path ${cfg.storePath}"
+ }";
+ BusName = busName;
+ };
+
+ Install.WantedBy = [ "default.target" ];
};
- Service = {
- ExecStart = "${cfg.package}/bin/pass_secret_service ${serviceArgs}";
- };
-
- Install = { WantedBy = [ "default.target" ]; };
- };
+ xdg.dataFile."dbus-1/services/${busName}.service".source =
+ "${cfg.package}/share/dbus-1/services/${busName}.service";
};
}
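Review bot: `cfg.storePath` is interpolated into `ExecStart` unquoted, so systemd splits a store path containing whitespace into several arguments and the service starts against a different path than the one configured. Quote the value, e.g. `optionalString (cfg.storePath != null) "--path ${escapeShellArg cfg.storePath}"`; a `%` in the path would still need doubling because systemd expands specifiers. Separately, the D-Bus activation file under `xdg.dataFile` is copied verbatim from the package and its contents are not visible here. If its `Exec=` line starts the binary directly rather than deferring to this unit, a bus-activated instance would ignore `storePath`, so this is worth confirming and recording in a comment above that line.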