pass-secret-service: Add dbus file, assert (#3953)

* pass-secret-service: Add dbus file, assert

Add the dbus service file in the package folder to XDG_DATA_HOME, as
well as adding an assertion to ensure both it and `gnome-keyring` aren't
enabled at the same time.

* pass-secret-service: Add self to CODEOWNERS

* pass-secret-service: Call out conflicting module(s)

* pass-secret-service: Revert `storePath` change

Signed-off-by: Cynthia Fox <cyntheticfox@gh0st.sh>

* pass-secret-service: Add password-store module default changes info

* pass-secret-service: Fix default info, modularize conflict checks

Signed-off-by: Cynthia Fox <cyntheticfox@gh0st.sh>

* Revert "pass-secret-service: Fix default info, modularize conflict checks"

This reverts commit 851df4fe49edfdb03fb196074ed1c0d7c21f713b.

* pass-secret-service: Fix default info

Signed-off-by: Cynthia Fox <cyntheticfox@gh0st.sh>

* pass-secret-service: Indent `storePath` description

---------

Signed-off-by: Cynthia Fox <cyntheticfox@gh0st.sh>
Cynthia Fox 2023-05-07 17:44:48 -04:00 committed by GitHub
parent d12ca77844
commit e34fbe1801
3 changed files with 47 additions and 17 deletions

.github/CODEOWNERS vendored

@ -489,7 +489,8 @@ Makefile @thiagokokada
/modules/services/parcellite.nix @gleber /modules/services/parcellite.nix @gleber
/modules/services/pass-secret-service.nix @cab404 /modules/services/pass-secret-service.nix @cab404 @cyntheticfox
/tests/modules/services/pass-secret-service.nix @cyntheticfox
/modules/services/password-store-sync.nix @pacien /modules/services/password-store-sync.nix @pacien


@ -28,6 +28,14 @@ in {
assertions = [ assertions = [
(lib.hm.assertions.assertPlatform "services.gnome-keyring" pkgs (lib.hm.assertions.assertPlatform "services.gnome-keyring" pkgs
lib.platforms.linux) lib.platforms.linux)
{
assertion = !config.services.pass-secret-store.enable;
message = ''
Only one secrets service per user can be enabled at a time.
Other services enabled:
- pass-secret-store
'';
}
]; ];
systemd.user.services.gnome-keyring = { systemd.user.services.gnome-keyring = {
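Review bot: The new assertion on the gnome-keyring side reads `config.services.pass-secret-store.enable`, but the module changed in this same commit declares its options under `services.pass-secret-service` (`cfg = config.services.pass-secret-service`). Unless a `pass-secret-store` option exists elsewhere, this looks like a typo that would fail at evaluation with a missing attribute whenever gnome-keyring is enabled, instead of guarding against two providers claiming the secrets bus name. I would change it to `assertion = !config.services.pass-secret-service.enable;` and the message entry to `- pass-secret-service`. The enclosing `config` block starts and ends outside the hunk.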


@ -5,8 +5,7 @@ with lib;
let let
cfg = config.services.pass-secret-service; cfg = config.services.pass-secret-service;
serviceArgs = busName = "org.freedesktop.secrets";
optionalString (cfg.storePath != null) "--path ${cfg.storePath}";
in { in {
meta.maintainers = with maintainers; [ cab404 cyntheticfox ]; meta.maintainers = with maintainers; [ cab404 cyntheticfox ];
@ -18,9 +17,14 @@ in {
storePath = mkOption { storePath = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
defaultText = "~/.password-store"; defaultText = "$HOME/.password-store";
example = "/home/user/.local/share/password-store"; example = "/home/user/.local/share/password-store";
description = "Absolute path to password store."; description = ''
Absolute path to password store. Defaults to
<filename>$HOME/.password-store</filename> if the
<option>programs.password-store</option> module is not enabled, and
<option>programs.password-store.settings.PASSWORD_STORE_DIR</option> if it is.
'';
}; };
}; };
@ -28,21 +32,38 @@ in {
assertions = [ assertions = [
(hm.assertions.assertPlatform "services.pass-secret-service" pkgs (hm.assertions.assertPlatform "services.pass-secret-service" pkgs
platforms.linux) platforms.linux)
{
assertion = !config.services.gnome-keyring.enable;
message = ''
Only one secrets service per user can be enabled at a time.
Other services enabled:
- gnome-keyring
'';
}
]; ];
systemd.user.services.pass-secret-service = { systemd.user.services.pass-secret-service =
Unit = { let binPath = "${cfg.package}/bin/pass_secret_service";
AssertFileIsExecutable = "${cfg.package}/bin/pass_secret_service"; in {
Description = "Pass libsecret service"; Unit = {
Documentation = "https://github.com/mdellweg/pass_secret_service"; AssertFileIsExecutable = "${binPath}";
PartOf = [ "default.target" ]; Description = "Pass libsecret service";
Documentation = "https://github.com/mdellweg/pass_secret_service";
PartOf = [ "default.target" ];
};
Service = {
Type = "dbus";
ExecStart = "${binPath} ${
optionalString (cfg.storePath != null) "--path ${cfg.storePath}"
}";
BusName = busName;
};
Install.WantedBy = [ "default.target" ];
}; };
Service = { xdg.dataFile."dbus-1/services/${busName}.service".source =
ExecStart = "${cfg.package}/bin/pass_secret_service ${serviceArgs}"; "${cfg.package}/share/dbus-1/services/${busName}.service";
};
Install = { WantedBy = [ "default.target" ]; };
};
}; };
} }
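Review bot: `cfg.storePath` is interpolated into `ExecStart` without quoting (`"--path ${cfg.storePath}"`), so systemd splits a store path containing whitespace into several arguments and the daemon would not be started against the configured directory. Quoting it, e.g. `optionalString (cfg.storePath != null) "--path ${escapeShellArg cfg.storePath}"`, keeps the value a single argument. Separately, the D-Bus activation file is linked straight from `${cfg.package}/share/dbus-1/services/` and its contents are not visible here. It is worth confirming that it hands off to the systemd unit rather than carrying its own `Exec=` line, since bus activation would otherwise start the service without `--path`.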