pass-secret-service: various improvements

Allow setting the application package and storePath used by the
config. Since the `programs.password-store` Home Manager module sets
config values via global environment variables, the default behavior
of the module should continue to behave as before for the user.

Additionally,

- Adds a few tests.

- Apply the "escapeShellArg" function to the path parameter to
  ensure paths with spaces work.

- Allow not setting storePath, which will cause `pass_secret_service`
  to default to using `~/.password-store`.

- If `pass-secret-service` is enabled, set its store path to default
  to the one defined in our password-store environment settings.

- Add myself (houstdav000) as maintainer.
David Houston 2022-05-07 14:05:10 -04:00 committed by Robert Helgesson
parent 1c6f3054ca
commit 1d94de5604
6 changed files with 69 additions and 14 deletions


@ -59,6 +59,9 @@ in {
home.packages = [ cfg.package ];
home.sessionVariables = cfg.settings;
services.pass-secret-service.storePath =
mkDefault cfg.settings.PASSWORD_STORE_DIR;
xsession.importedVariables = mkIf config.xsession.enable
(mapAttrsToList (name: value: name) cfg.settings);
};
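Review bot: `cfg.settings.PASSWORD_STORE_DIR` is read unconditionally in the new `services.pass-secret-service.storePath` definition, so evaluation fails if a user's `settings` lacks that key; whether the option's default is always merged in is not visible in this hunk. Guarding the definition, `mkIf (cfg.settings ? PASSWORD_STORE_DIR) (mkDefault cfg.settings.PASSWORD_STORE_DIR)`, keeps the fallback to a null `storePath` working. The same value is exported through `home.sessionVariables`, so it may hold shell-style references such as `$HOME` that a shell expands but that a systemd `ExecStart` line may treat differently; a comment stating that a literal absolute path is expected would help. The enclosing `config` block starts outside the hunk.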


@ -2,31 +2,46 @@
with lib;
let serviceCfg = config.services.pass-secret-service;
let
cfg = config.services.pass-secret-service;
serviceArgs =
optionalString (cfg.storePath != null) "--path ${cfg.storePath}";
in {
meta.maintainers = [ maintainers.cab404 ];
meta.maintainers = with maintainers; [ cab404 houstdav000 ];
options.services.pass-secret-service = {
enable = mkEnableOption "Pass libsecret service";
package = mkPackageOption pkgs "pass-secret-service" { };
storePath = mkOption {
type = with types; nullOr str;
default = null;
defaultText = "~/.password-store";
example = "/home/user/.local/share/password-store";
description = "Absolute path to password store.";
};
};
config = mkIf serviceCfg.enable {
config = mkIf cfg.enable {
assertions = [
(hm.assertions.assertPlatform "services.pass-secret-service" pkgs
platforms.linux)
{
assertion = config.programs.password-store.enable;
message = "The 'services.pass-secret-service' module requires"
+ " 'programs.password-store.enable = true'.";
}
];
systemd.user.services.pass-secret-service = {
Unit = { Description = "Pass libsecret service"; };
Service = {
# pass-secret-service doesn't use environment variables for some reason.
ExecStart =
"${pkgs.pass-secret-service}/bin/pass_secret_service --path ${config.programs.password-store.settings.PASSWORD_STORE_DIR}";
Unit = {
AssertFileIsExecutable = "${cfg.package}/bin/pass_secret_service";
Description = "Pass libsecret service";
Documentation = "https://github.com/mdellweg/pass_secret_service";
PartOf = [ "default.target" ];
};
Service = {
ExecStart = "${cfg.package}/bin/pass_secret_service ${serviceArgs}";
};
Install = { WantedBy = [ "default.target" ]; };
};
};
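Review bot: The new `serviceArgs` interpolates `cfg.storePath` into the `ExecStart` line without quoting, although the commit description says `escapeShellArg` is applied. systemd splits the command line on whitespace, so a store path containing a space reaches `pass_secret_service` as several arguments and the service may open a different directory than the one configured. With `with lib;` in scope the change is one line: `optionalString (cfg.storePath != null) "--path ${escapeShellArg cfg.storePath}";`. systemd also interprets `%` specifiers and `$` variable references in `ExecStart`, which shell quoting may not neutralise, so the option description should say whether those are supported in `storePath`. Old and new lines are interleaved without markers on this page, so this assumes the `cfg`-based lines are the new side.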


@ -189,6 +189,7 @@ import nmt {
./modules/services/mpdris2
./modules/services/pantalaimon
./modules/services/parcellite
./modules/services/pass-secret-service
./modules/services/pbgopy
./modules/services/picom
./modules/services/playerctld


@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
services.pass-secret-service = {
enable = true;
package = config.lib.test.mkStubPackage { };
storePath = "/mnt/password-store";
};
nmt.script = ''
serviceFile=home-files/.config/systemd/user/pass-secret-service.service
assertFileExists $serviceFile
assertFileRegex $serviceFile 'ExecStart=.*/bin/pass_secret_service'
assertFileRegex $serviceFile '/mnt/password-store'
'';
}
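Review bot: The assertion `assertFileRegex $serviceFile '/mnt/password-store'` matches the path anywhere in the unit file and uses a path without whitespace, so it does not cover the space-handling the commit description mentions. Setting `storePath` to a value containing a space and asserting on the whole `ExecStart=` line, including `--path` and the quoted argument, would pin that the path is passed as a single argument. The other new test, which leaves `storePath` unset, only checks that the binary appears in `ExecStart`. It could add `assertFileNotRegex $serviceFile 'ExecStart=.*--path'` to confirm that no path argument is emitted in that case.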


@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
services.pass-secret-service = {
enable = true;
package = config.lib.test.mkStubPackage { };
};
nmt.script = ''
serviceFile=home-files/.config/systemd/user/pass-secret-service.service
assertFileExists $serviceFile
assertFileRegex $serviceFile 'ExecStart=.*/bin/pass_secret_service'
'';
}


@ -0,0 +1,4 @@
{
pass-secret-service-default-configuration = ./default-configuration.nix;
pass-secret-service-basic-configuration = ./basic-configuration.nix;
}