nix-files/hosts/common/programs/gnome-keyring/default.nix
Colin b8b805765b programs: gnome-keyring-daemon: remove the SUID wrapper
it's not actually mandated. just, when enabled, gkd will `mlock` its
secrets into memory. but i don't use swap anyway. plus, i'll enable that
momentarily anyway (though systemd will probably not understand the
capability)
2024-02-23 09:28:41 +00:00


# gnome-keyring-daemon as the session's secret provider.
#
# This module:
#   - persists ~/.local/share/keyrings in the `private` store,
#   - seeds a default keyring (with both auto-lock options off) plus the
#     `default` pointer file that names it,
#   - runs the daemon with only its `secrets` component enabled.
{ config, lib, pkgs, ... }:
let
  cfg = config.sane.programs.gnome-keyring;

  # Unit associated with the private store's origin path; the seeded keyring
  # files below are attached to it via `wantedBy`.
  privateStoreUnit = config.sane.fs."${config.sane.persist.stores.private.origin}".unit;

  # Shared shape of the two seeded files under ~/.local/share/keyrings.
  seededFile = contents: {
    file.text = contents;
    wantedBy = [ privateStoreUnit ];
    # TODO: move gnome-keyring.service under our control and then i can
    # ensure ordering here.
    wantedBeforeBy = [ ];  # don't create this as part of `multi-user.target`
  };
in
{
  sane.programs.gnome-keyring = {
    # NOTE(review): `rmDbusServices` is a project helper not shown here;
    # presumably it strips the package's D-Bus service files so that the daemon
    # is only started by the service below -- confirm.
    packageUnwrapped = pkgs.rmDbusServices pkgs.gnome.gnome-keyring;

    persist.byStore.private = [ ".local/share/keyrings" ];

    fs = {
      # SECURITY: a keyring file with a textual `[keyring]` header appears to be
      # gnome-keyring's plain-text format, i.e. items stored in it are not
      # encrypted under a keyring password. With `lock-on-idle` and
      # `lock-after` both false it also never auto-locks. Confidentiality of
      # the stored secrets therefore rests on the `private` store and on file
      # permissions.
      # NOTE(review): confirm the `private` store is encrypted at rest.
      ".local/share/keyrings/Default_keyring.keyring" = seededFile ''
        [keyring]
        display-name=Default keyring
        lock-on-idle=false
        lock-after=false
      '';

      # Pointer file naming the default keyring.
      ".local/share/keyrings/default" = seededFile "Default_keyring.keyring";  #< no trailing newline
    };

    services.gnome-keyring = {
      description = "gnome-keyring-daemon: secret provider";
      wantedBy = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];

      # SECURITY: the daemon binary is executed straight from the package, with
      # no setuid/capability wrapper in front of it. According to the commit
      # that removed the wrapper, gkd then does not `mlock` its secrets, so
      # secret memory may be paged out. Keep swap disabled or encrypted on
      # hosts that use this module.
      #
      # `--components=secrets` enables only the secrets component.
      serviceConfig.ExecStart = "${cfg.package}/bin/gnome-keyring-daemon --start --foreground --components=secrets";
      serviceConfig.Type = "simple";
      serviceConfig.Restart = "always";
      serviceConfig.RestartSec = "20s";
    };
  };
}