pass-secret-service: Add dbus file, assert (#3953)
* pass-secret-service: Add dbus file, assert Add the dbus service file in the package folder to XDG_DATA_HOME, as well as adding an assertion to ensure both it and `gnome-keyring` aren't enabled at the same time. * pass-secret-service: Add self to CODEOWNERS * pass-secret-service: Call out conflicting module(s) * pass-secret-service: Revert `storePath` change Signed-off-by: Cynthia Fox <cyntheticfox@gh0st.sh> * pass-secret-service: Add password-store module default changes info * pass-secret-service: Fix default info, modularize conflict checks Signed-off-by: Cynthia Fox <cyntheticfox@gh0st.sh> * Revert "pass-secret-service: Fix default info, modularize conflict checks" This reverts commit 851df4fe49edfdb03fb196074ed1c0d7c21f713b. * pass-secret-service: Fix default info Signed-off-by: Cynthia Fox <cyntheticfox@gh0st.sh> * pass-secret-service: Indent `storePath` description --------- Signed-off-by: Cynthia Fox <cyntheticfox@gh0st.sh>
parent
d12ca77844
commit
e34fbe1801
3 changed files with 47 additions and 17 deletions
3
.github/CODEOWNERS
vendored
3
.github/CODEOWNERS
vendored
|
@ -489,7 +489,8 @@ Makefile @thiagokokada
|
||||||
|
|
||||||
/modules/services/parcellite.nix @gleber
|
/modules/services/parcellite.nix @gleber
|
||||||
|
|
||||||
/modules/services/pass-secret-service.nix @cab404
|
/modules/services/pass-secret-service.nix @cab404 @cyntheticfox
|
||||||
|
/tests/modules/services/pass-secret-service.nix @cyntheticfox
|
||||||
|
|
||||||
/modules/services/password-store-sync.nix @pacien
|
/modules/services/password-store-sync.nix @pacien
|
||||||
|
|
||||||
|
|
|
@ -28,6 +28,14 @@ in {
|
||||||
assertions = [
|
assertions = [
|
||||||
(lib.hm.assertions.assertPlatform "services.gnome-keyring" pkgs
|
(lib.hm.assertions.assertPlatform "services.gnome-keyring" pkgs
|
||||||
lib.platforms.linux)
|
lib.platforms.linux)
|
||||||
|
{
|
||||||
|
assertion = !config.services.pass-secret-store.enable;
|
||||||
|
message = ''
|
||||||
|
Only one secrets service per user can be enabled at a time.
|
||||||
|
Other services enabled:
|
||||||
|
- pass-secret-store
|
||||||
|
'';
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.user.services.gnome-keyring = {
|
systemd.user.services.gnome-keyring = {
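Review bot: The added assertion reads `config.services.pass-secret-store.enable`, but the module changed in this same commit is declared under `services.pass-secret-service` (see `cfg = config.services.pass-secret-service;` in the other file). Unless an option named `pass-secret-store` exists elsewhere, evaluating this assertion with gnome-keyring enabled would presumably fail on a missing attribute instead of reporting the conflict. The line should be `assertion = !config.services.pass-secret-service.enable;`, and the bullet in the message should read `- pass-secret-service`. The `config` block that holds `assertions` starts outside the hunk.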
|
||||||
|
|
|
@ -5,8 +5,7 @@ with lib;
|
||||||
let
|
let
|
||||||
cfg = config.services.pass-secret-service;
|
cfg = config.services.pass-secret-service;
|
||||||
|
|
||||||
serviceArgs =
|
busName = "org.freedesktop.secrets";
|
||||||
optionalString (cfg.storePath != null) "--path ${cfg.storePath}";
|
|
||||||
in {
|
in {
|
||||||
meta.maintainers = with maintainers; [ cab404 cyntheticfox ];
|
meta.maintainers = with maintainers; [ cab404 cyntheticfox ];
|
||||||
|
|
||||||
|
@ -18,9 +17,14 @@ in {
|
||||||
storePath = mkOption {
|
storePath = mkOption {
|
||||||
type = with types; nullOr str;
|
type = with types; nullOr str;
|
||||||
default = null;
|
default = null;
|
||||||
defaultText = "~/.password-store";
|
defaultText = "$HOME/.password-store";
|
||||||
example = "/home/user/.local/share/password-store";
|
example = "/home/user/.local/share/password-store";
|
||||||
description = "Absolute path to password store.";
|
description = ''
|
||||||
|
Absolute path to password store. Defaults to
|
||||||
|
<filename>$HOME/.password-store</filename> if the
|
||||||
|
<option>programs.password-store</option> module is not enabled, and
|
||||||
|
<option>programs.password-store.settings.PASSWORD_STORE_DIR</option> if it is.
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -28,21 +32,38 @@ in {
|
||||||
assertions = [
|
assertions = [
|
||||||
(hm.assertions.assertPlatform "services.pass-secret-service" pkgs
|
(hm.assertions.assertPlatform "services.pass-secret-service" pkgs
|
||||||
platforms.linux)
|
platforms.linux)
|
||||||
|
{
|
||||||
|
assertion = !config.services.gnome-keyring.enable;
|
||||||
|
message = ''
|
||||||
|
Only one secrets service per user can be enabled at a time.
|
||||||
|
Other services enabled:
|
||||||
|
- gnome-keyring
|
||||||
|
'';
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.user.services.pass-secret-service = {
|
systemd.user.services.pass-secret-service =
|
||||||
Unit = {
|
let binPath = "${cfg.package}/bin/pass_secret_service";
|
||||||
AssertFileIsExecutable = "${cfg.package}/bin/pass_secret_service";
|
in {
|
||||||
Description = "Pass libsecret service";
|
Unit = {
|
||||||
Documentation = "https://github.com/mdellweg/pass_secret_service";
|
AssertFileIsExecutable = "${binPath}";
|
||||||
PartOf = [ "default.target" ];
|
Description = "Pass libsecret service";
|
||||||
|
Documentation = "https://github.com/mdellweg/pass_secret_service";
|
||||||
|
PartOf = [ "default.target" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
Service = {
|
||||||
|
Type = "dbus";
|
||||||
|
ExecStart = "${binPath} ${
|
||||||
|
optionalString (cfg.storePath != null) "--path ${cfg.storePath}"
|
||||||
|
}";
|
||||||
|
BusName = busName;
|
||||||
|
};
|
||||||
|
|
||||||
|
Install.WantedBy = [ "default.target" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
Service = {
|
xdg.dataFile."dbus-1/services/${busName}.service".source =
|
||||||
ExecStart = "${cfg.package}/bin/pass_secret_service ${serviceArgs}";
|
"${cfg.package}/share/dbus-1/services/${busName}.service";
|
||||||
};
|
|
||||||
|
|
||||||
Install = { WantedBy = [ "default.target" ]; };
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
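Review bot: In the new `ExecStart`, `cfg.storePath` is interpolated unquoted after `--path`, and the option type is `nullOr str`, so a store path containing whitespace would be split by systemd into several arguments and the service would not open the configured store. Quoting it, e.g. `optionalString (cfg.storePath != null) "--path ${escapeShellArg cfg.storePath}"`, keeps it a single argument; `with lib;` is already in scope. Separately, the D-Bus file linked through `xdg.dataFile` is taken verbatim from `${cfg.package}`, so if its `Exec=` line starts the binary directly, bus activation would presumably run without `--path` and ignore `storePath`; this is worth confirming against the packaged file. The `config` block these lines belong to starts outside the hunk.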
|
||||||
|
|