30 lines
848 B
Nix
30 lines
848 B
Nix
|
{ config, lib, pkgs, ... }:
|
||
|
|
let
|
||
|
|
init-keyring = pkgs.static-nix-shell.mkBash {
|
||
|
|
pname = "init-keyring";
|
||
|
|
src = ./.;
|
||
|
|
};
|
||
|
|
in
|
||
|
|
{
|
||
|
|
sane.programs.gnome-keyring = {
|
||
|
|
packageUnwrapped = pkgs.gnome.gnome-keyring;
|
||
|
|
|
||
|
|
persist.byStore.private = [
|
||
|
|
".local/share/keyrings"
|
||
|
|
];
|
||
|
|
|
||
|
|
fs.".local/share/keyrings/default" = {
|
||
|
|
generated.command = [ "${init-keyring}/bin/init-keyring" ];
|
||
|
|
# wantedBy = [ config.sane.fs."/home/colin/private".unit ];
|
||
|
|
wantedBeforeBy = [ ]; # don't created this as part of `multi-user.target`
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
# adds gnome-keyring as a xdg-data-portal (xdg.portal)
|
||
|
|
# TODO: the gnome-keyring which this puts on PATH isn't sandboxed!
|
||
|
|
# nixos service doesn't even let it be pluggable
|
||
|
|
services.gnome.gnome-keyring = lib.mkIf config.sane.programs.gnome-keyring.enabled {
|
||
|
|
enable = true;
|
||
|
|
};
|
||
|
|
}
|