From e34fbe18011483d1aac6f44cd2f03c0c89196812 Mon Sep 17 00:00:00 2001 From: Cynthia Fox Date: Sun, 7 May 2023 17:44:48 -0400 Subject: [PATCH] pass-secret-service: Add dbus file, assert (#3953) * pass-secret-service: Add dbus file, assert Add the dbus service file in the package folder to XDG_DATA_HOME, as well as adding an assertion to ensure both it and `gnome-keyring` aren't enabled at the same time. * pass-secret-service: Add self to CODEOWNERS * pass-secret-service: Call out conflicting module(s) * pass-secret-service: Revert `storePath` change Signed-off-by: Cynthia Fox * pass-secret-service: Add password-store module default changes info * pass-secret-service: Fix default info, modularize conflict checks Signed-off-by: Cynthia Fox * Revert "pass-secret-service: Fix default info, modularize conflict checks" This reverts commit 851df4fe49edfdb03fb196074ed1c0d7c21f713b. * pass-secret-service: Fix default info Signed-off-by: Cynthia Fox * pass-secret-service: Indent `storePath` description --------- Signed-off-by: Cynthia Fox --- .github/CODEOWNERS | 3 +- modules/services/gnome-keyring.nix | 8 ++++ modules/services/pass-secret-service.nix | 53 +++++++++++++++++------- 3 files changed, 47 insertions(+), 17 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 37951ce90..80ba8c486 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -489,7 +489,8 @@ Makefile @thiagokokada /modules/services/parcellite.nix @gleber -/modules/services/pass-secret-service.nix @cab404 +/modules/services/pass-secret-service.nix @cab404 @cyntheticfox +/tests/modules/services/pass-secret-service.nix @cyntheticfox /modules/services/password-store-sync.nix @pacien diff --git a/modules/services/gnome-keyring.nix b/modules/services/gnome-keyring.nix index 7267129d7..597e97675 100644 --- a/modules/services/gnome-keyring.nix +++ b/modules/services/gnome-keyring.nix 
@@ -28,6 +28,14 @@ in { assertions = [ (lib.hm.assertions.assertPlatform "services.gnome-keyring" pkgs lib.platforms.linux) + { + assertion = !config.services.pass-secret-store.enable; + message = '' + Only one secrets service per user can be enabled at a time. + Other services enabled: + - pass-secret-store + ''; + } ]; systemd.user.services.gnome-keyring = { diff --git a/modules/services/pass-secret-service.nix b/modules/services/pass-secret-service.nix index 53e4c1081..91e5cd017 100644 --- a/modules/services/pass-secret-service.nix +++ b/modules/services/pass-secret-service.nix @@ -5,8 +5,7 @@ with lib; let cfg = config.services.pass-secret-service; - serviceArgs = - optionalString (cfg.storePath != null) "--path ${cfg.storePath}"; + busName = "org.freedesktop.secrets"; in { meta.maintainers = with maintainers; [ cab404 cyntheticfox ]; @@ -18,9 +17,14 @@ in { storePath = mkOption { type = with types; nullOr str; default = null; - defaultText = "~/.password-store"; + defaultText = "$HOME/.password-store"; example = "/home/user/.local/share/password-store"; - description = "Absolute path to password store."; + description = '' + Absolute path to password store. Defaults to + $HOME/.password-store if the + module is not enabled, and + if it is. + ''; }; }; 
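Review bot: The new assertion in gnome-keyring.nix reads `config.services.pass-secret-store.enable`, but the module patched in this same commit defines its options under `services.pass-secret-service` (`cfg = config.services.pass-secret-service;`). Unless a `pass-secret-store` option is declared somewhere outside this patch, evaluating the assertion with gnome-keyring enabled would fail on a missing attribute instead of printing the conflict message. The line should be `assertion = !config.services.pass-secret-service.enable;`, and the list entry in the message should read `- pass-secret-service` to match. The enclosing `config` block starts and ends outside the hunk.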
@@ -28,21 +32,38 @@ in { assertions = [ (hm.assertions.assertPlatform "services.pass-secret-service" pkgs platforms.linux) + { + assertion = !config.services.gnome-keyring.enable; + message = '' + Only one secrets service per user can be enabled at a time. + Other services enabled: + - gnome-keyring + ''; + } ]; - systemd.user.services.pass-secret-service = { - Unit = { - AssertFileIsExecutable = "${cfg.package}/bin/pass_secret_service"; - Description = "Pass libsecret service"; - Documentation = "https://github.com/mdellweg/pass_secret_service"; - PartOf = [ "default.target" ]; + systemd.user.services.pass-secret-service = + let binPath = "${cfg.package}/bin/pass_secret_service"; + in { + Unit = { + AssertFileIsExecutable = "${binPath}"; + Description = "Pass libsecret service"; + Documentation = "https://github.com/mdellweg/pass_secret_service"; + PartOf = [ "default.target" ]; + }; + + Service = { + Type = "dbus"; + ExecStart = "${binPath} ${ + optionalString (cfg.storePath != null) "--path ${cfg.storePath}" + }"; + BusName = busName; + }; + + Install.WantedBy = [ "default.target" ]; }; - Service = { - ExecStart = "${cfg.package}/bin/pass_secret_service ${serviceArgs}"; - }; - - Install = { WantedBy = [ "default.target" ]; }; - }; + xdg.dataFile."dbus-1/services/${busName}.service".source = + "${cfg.package}/share/dbus-1/services/${busName}.service"; }; }
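Review bot: `cfg.storePath` is interpolated into `ExecStart` without quoting, so a store path containing whitespace is split into several arguments and the service would not open the configured path. This value decides which password store is exposed on `org.freedesktop.secrets`, so it should be quoted, for example `optionalString (cfg.storePath != null) "--path ${escapeShellArg cfg.storePath}"`. Separately, the D-Bus activation file is linked unmodified from the package. Its `Exec=` line is not visible here, but if it starts the binary without `--path`, bus activation would ignore `storePath`, so that is worth checking.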