nix-files/hosts/common/programs/gnome-keyring/default.nix

{ config, lib, pkgs, ... }:
{
  sane.programs.gnome-keyring = {
    packageUnwrapped = pkgs.gnome.gnome-keyring;

    persist.byStore.private = [
      ".local/share/keyrings"
    ];

    fs.".local/share/keyrings/Default_keyring.keyring" = {
      file.text = ''
        [keyring]
        display-name=Default keyring
        lock-on-idle=false
        lock-after=false
      '';
      wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
      # TODO: move gnome-keyring.service under our control and then i can
      #       ensure ordering here.
      wantedBeforeBy = [ ];  # don't create this as part of `multi-user.target`
    };
    fs.".local/share/keyrings/default" = {
      file.text = "Default_keyring.keyring";  #< no trailing newline
      wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
      # TODO: move gnome-keyring.service under our control and then i can
      #       ensure ordering here.
      wantedBeforeBy = [ ];  # don't create this as part of `multi-user.target`
    };
  };

  # adds gnome-keyring as a xdg-data-portal (xdg.portal)
  # TODO: the gnome-keyring which this puts on PATH isn't sandboxed!
  #   nixos service doesn't even let it be pluggable
  services.gnome.gnome-keyring = lib.mkIf config.sane.programs.gnome-keyring.enabled {
    enable = true;
  };
}
gnome-keyring: move persistence and init script to sane.programs 2024-02-23 07:19:14 +00:00			`{ config, lib, pkgs, ... }:`
			`{`
			`sane.programs.gnome-keyring = {`
			`packageUnwrapped = pkgs.gnome.gnome-keyring;`

			`persist.byStore.private = [`
			`".local/share/keyrings"`
			`];`

gnome-keyring: simplify the scripts (untested) 2024-02-23 08:14:09 +00:00			`fs.".local/share/keyrings/Default_keyring.keyring" = {`
gnome-keyring: use sane.fs abstractions to write out the keyrings 2024-02-23 08:57:41 +00:00			`file.text = ''`
			`[keyring]`
			`display-name=Default keyring`
			`lock-on-idle=false`
			`lock-after=false`
			`'';`
gnome-keyring: simplify the scripts (untested) 2024-02-23 08:14:09 +00:00			`wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];`
			`# TODO: move gnome-keyring.service under our control and then i can`
			`# ensure ordering here.`
			wantedBeforeBy = [ ]; # don't create this as part of `multi-user.target`
			`};`
gnome-keyring: move persistence and init script to sane.programs 2024-02-23 07:19:14 +00:00			`fs.".local/share/keyrings/default" = {`
gnome-keyring: use sane.fs abstractions to write out the keyrings 2024-02-23 08:57:41 +00:00			`file.text = "Default_keyring.keyring"; #< no trailing newline`
gnome-keyring: simplify the scripts (untested) 2024-02-23 08:14:09 +00:00			`wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];`
			`# TODO: move gnome-keyring.service under our control and then i can`
			`# ensure ordering here.`
			wantedBeforeBy = [ ]; # don't create this as part of `multi-user.target`
gnome-keyring: move persistence and init script to sane.programs 2024-02-23 07:19:14 +00:00			`};`
			`};`

			`# adds gnome-keyring as a xdg-data-portal (xdg.portal)`
			`# TODO: the gnome-keyring which this puts on PATH isn't sandboxed!`
			`# nixos service doesn't even let it be pluggable`
			`services.gnome.gnome-keyring = lib.mkIf config.sane.programs.gnome-keyring.enabled {`
			`enable = true;`
			`};`
			`}`