nixos/goldwarden: init
parent
a5404e6de9
commit
7ffcd69c1f
|
@ -193,6 +193,7 @@
|
|||
./programs/gnome-disks.nix
|
||||
./programs/gnome-terminal.nix
|
||||
./programs/gnupg.nix
|
||||
./programs/goldwarden.nix
|
||||
./programs/gpaste.nix
|
||||
./programs/gphoto2.nix
|
||||
./programs/haguichi.nix
|
||||
|
|
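--- a/nixos/modules/programs/goldwarden.nix
+++ b/nixos/modules/programs/goldwarden.nix
@@ -0,0 +1,50 @@
+{ lib, config, pkgs, ... }:
+let
+cfg = config.programs.goldwarden;
+in
+{
+options.programs.goldwarden = {
+enable = lib.mkEnableOption "Goldwarden";
+package = lib.mkPackageOption pkgs "goldwarden" {};
+useSshAgent = lib.mkEnableOption "Goldwarden's SSH Agent" // { default = true; };
+};
+
+config = lib.mkIf cfg.enable {
+assertions = [{
+assertion = cfg.useSshAgent -> !config.programs.ssh.startAgent;
+message = "Only one ssh-agent can be used at a time.";
+}];
+
+environment = {
+etc = lib.mkIf config.programs.chromium.enable {
+"chromium/native-messaging-hosts/com.8bit.bitwarden.json".source = "${cfg.package}/etc/chromium/native-messaging-hosts/com.8bit.bitwarden.json";
+"opt/chrome/native-messaging-hosts/com.8bit.bitwarden.json".source = "${cfg.package}/etc/chrome/native-messaging-hosts/com.8bit.bitwarden.json";
+};
+
+extraInit = lib.mkIf cfg.useSshAgent ''
+if [ -z "$SSH_AUTH_SOCK" -a -n "$HOME" ]; then
+export SSH_AUTH_SOCK="$HOME/.goldwarden-ssh-agent.sock"
+fi
+'';
+
+systemPackages = [
+# for cli and polkit action
+cfg.package
+# binary exec's into pinentry which should match the DE
+config.programs.gnupg.agent.pinentryPackage
+];
+};
+
+programs.firefox.nativeMessagingHosts.packages = [ cfg.package ];
+
+# see https://github.com/quexten/goldwarden/blob/main/cmd/goldwarden.service
+systemd.user.services.goldwarden = {
+description = "Goldwarden daemon";
+wantedBy = [ "graphical-session.target" ];
+after = [ "graphical-session.target" ];
+serviceConfig.ExecStart = "${lib.getExe cfg.package} daemonize";
+path = [ config.programs.gnupg.agent.pinentryPackage ];
+unitConfig.ConditionUser = "!@system";
+};
+};
+}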
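Review bot: The assertion in `assertions` only rules out `programs.ssh.startAgent`, so an agent enabled through `programs.gnupg.agent.enableSSHSupport` still passes evaluation even though the message says only one ssh-agent can be used. Because the `extraInit` snippet sets `SSH_AUTH_SOCK` only when it is still empty, which agent ends up serving keys would then depend on shell-init ordering rather than on the configuration. Consider widening the check to `assertion = cfg.useSshAgent -> !(config.programs.ssh.startAgent || config.programs.gnupg.agent.enableSSHSupport);`. Separately, `extraInit` applies to every account while `ConditionUser = "!@system"` keeps the daemon off system users, so those sessions appear to get a socket path that nothing listens on; a short comment above `extraInit` noting this would help.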