nixos/gnupg: add option for setting pinentry flavours

Co-authored-by: Florian Klink <flokli@flokli.de>
2018-10-27 16:02:16 +02:00 · 2018-10-27 16:02:16 +02:00 · edea9fed72
commit edea9fed72
parent 66081ceb16
2 changed files with 43 additions and 2 deletions
--- a/nixos/modules/installer/tools/tools.nix
+++ b/nixos/modules/installer/tools/tools.nix
@ -120,7 +120,11 @@ in
        # Some programs need SUID wrappers, can be configured further or are
        # started in user sessions.
        # programs.mtr.enable = true;
-        # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+        # programs.gnupg.agent = {
+        #   enable = true;
+        #   enableSSHSupport = true;
+        #   flavour = "gnome3";
+        # };

        # List services that you want to enable:

--- a/nixos/modules/programs/gnupg.nix
+++ b/nixos/modules/programs/gnupg.nix
@ -6,6 +6,19 @@ let

  cfg = config.programs.gnupg;

+  xserverCfg = config.services.xserver;
+
+  defaultPinentryFlavor =
+    if xserverCfg.desktopManager.lxqt.enable
+    || xserverCfg.desktopManager.plasma5.enable then
+      "qt"
+    else if xserverCfg.desktopManager.xfce.enable then
+      "gtk2"
+    else if xserverCfg.enable then
+      "gnome3"
+    else
+      null;
+
 in

 {
@ -54,6 +67,20 @@ in
      '';
    };

+    agent.pinentryFlavor = mkOption {
+      type = types.nullOr (types.enum pkgs.pinentry.flavors);
+      example = "gnome3";
+      description = ''
+        Which pinentry interface to use. If not null, the path to the
+        pinentry binary will be passed to gpg-agent via commandline and
+        thus overrides the pinentry option in gpg-agent.conf in the user's
+        home directory.
+        If not set at all, it'll pick an appropriate flavor depending on the
+        system configuration (qt3 flavor for lxqt and plasma5, gtk2 for xfce
+        4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
+      '';
+    };
+
    dirmngr.enable = mkOption {
      type = types.bool;
      default = false;
@ -64,6 +91,16 @@ in
  };

  config = mkIf cfg.agent.enable {
+    programs.gnupg.agent.pinentryFlavor = mkDefault defaultPinentryFlavor;
+
+    # This overrides the systemd user unit shipped with the gnupg package
+    systemd.user.services.gpg-agent = mkIf (cfg.agent.pinentryFlavor != null) {
+      serviceConfig.ExecStart = [ "" ''
+        ${pkgs.gnupg}/bin/gpg-agent --supervised \
+          --pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry
+      '' ];
+    };
+
    systemd.user.sockets.gpg-agent = {
      wantedBy = [ "sockets.target" ];
    };
@ -83,7 +120,7 @@ in
    systemd.user.sockets.dirmngr = mkIf cfg.dirmngr.enable {
      wantedBy = [ "sockets.target" ];
    };
-    
+
    environment.systemPackages = with pkgs; [ cfg.package ];
    systemd.packages = [ cfg.package ];