author | Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> | 2023-10-09 11:12:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-09 11:12:55 +0200 |
commit | 2e541873997618b1c258306e798bbfa4c45b7d35 (patch) | |
tree | 816dc78c7029618cce4254e6be7a277db9f31fb4 | |
parent | 2b82a1fe8f2704a21c6e15434ac7863aaf48723b (diff) | |
parent | f0a8e05a5d95d2b4e08b53e0ae6c3bbe38b98945 (diff) | |
Merge pull request #258347 from Benjamin-L/gnupg-agent-extraconfig
nixos/gnupg: add agent.settings option
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2311.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/programs/gnupg.nix | 27 |
2 files changed, 25 insertions, 4 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 3a1ccfd6bc9..3d9ff866242 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -329,6 +329,8 @@ The module update takes care of the new config syntax and the data itself (user - `programs.gnupg.agent.pinentryFlavor` is now set in `/etc/gnupg/gpg-agent.conf`, and will no longer take precedence over a `pinentry-program` set in `~/.gnupg/gpg-agent.conf`. +- `programs.gnupg` now has the option `agent.settings` to set verbatim config values in `/etc/gnupg/gpg-agent.conf`. + - `dockerTools.buildImage`, `dockerTools.buildLayeredImage` and `dockerTools.streamLayeredImage` now use `lib.makeOverridable` to allow `dockerTools`-based images to be customized more efficiently at the nix-level. - `services.influxdb2` now supports doing an automatic initial setup and provisioning of users, organizations, buckets and authentication tokens, see [#249502](https://github.com/NixOS/nixpkgs/pull/249502) for more details. diff --git a/nixos/modules/programs/gnupg.nix b/nixos/modules/programs/gnupg.nix index 12ef8671b74..aa1a536247c 100644 --- a/nixos/modules/programs/gnupg.nix +++ b/nixos/modules/programs/gnupg.nix @@ -6,6 +6,10 @@ let cfg = config.programs.gnupg; + agentSettingsFormat = pkgs.formats.keyValue { + mkKeyValue = lib.generators.mkKeyValueDefault { } " "; + }; + xserverCfg = config.services.xserver; defaultPinentryFlavor = @@ -82,6 +86,18 @@ in ''; }; + agent.settings = mkOption { + type = agentSettingsFormat.type; + default = { }; + example = { + default-cache-ttl = 600; + }; + description = lib.mdDoc '' + Configuration for /etc/gnupg/gpg-agent.conf. + See {manpage}`gpg-agent(1)` for supported options. + ''; + }; + dirmngr.enable = mkOption { type = types.bool; default = false; 
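Review bot: Boolean values are not handled by the `mkKeyValue` given to `agentSettingsFormat` in the first gnupg.nix hunk: `lib.generators.mkKeyValueDefault { } " "` renders `true` as the literal word, so a switch-style gpg-agent option such as `no-allow-external-cache = true` would be written as `no-allow-external-cache true` rather than as the bare keyword. How gpg-agent treats that stray argument is not visible here, but a hardening flag that is ignored, or one that stops the agent from starting, is worth ruling out before merge. Consider special-casing it, e.g. `mkKeyValue = k: v: if v == true then k else lib.generators.mkKeyValueDefault { } " " k v;`, and deciding what `false` should emit.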
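Review bot: The description of the new `agent.settings` option (second gnupg.nix hunk) does not say what authority these values carry. The release note in this same commit states that a `pinentry-program` in `~/.gnupg/gpg-agent.conf` takes precedence over the one in `/etc/gnupg/gpg-agent.conf`, and presumably the same holds for every other key, so cache-lifetime or pinentry restrictions set here are defaults rather than enforced policy. I would add a sentence to the description such as `Values are written verbatim and act as system-wide defaults; a user's ~/.gnupg/gpg-agent.conf can override them.`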
@@ -92,10 +108,13 @@ in }; config = mkIf cfg.agent.enable { - environment.etc."gnupg/gpg-agent.conf".text = - lib.optionalString (cfg.agent.pinentryFlavor != null) '' - pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry - ''; + programs.gnupg.agent.settings = { + pinentry-program = lib.mkIf (cfg.agent.pinentryFlavor != null) + "${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry"; + }; + + environment.etc."gnupg/gpg-agent.conf".source = + agentSettingsFormat.generate "gpg-agent.conf" cfg.agent.settings; # This overrides the systemd user unit shipped with the gnupg package systemd.user.services.gpg-agent = { |
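Review bot: The `pinentry-program` definition inside `programs.gnupg.agent.settings` needs a comment on how it interacts with user-supplied settings. It is defined at normal priority, so a configuration that also sets `programs.gnupg.agent.settings.pinentry-program` while `pinentryFlavor` is non-null will presumably fail with a conflicting-definitions error rather than override it. Suggested comment: `# Derived from pinentryFlavor; set pinentryFlavor = null (or use mkForce) to supply a different pinentry-program via agent.settings.` The `config = mkIf cfg.agent.enable {` block continues past the end of the hunk.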