Unverified Commit 2e541873 authored by Michele Guerini Rocco's avatar Michele Guerini Rocco Committed by GitHub

Merge pull request #258347 from Benjamin-L/gnupg-agent-extraconfig

nixos/gnupg: add agent.settings option
parents 2b82a1fe f0a8e05a
+2 −0
@@ -329,6 +329,8 @@ The module update takes care of the new config syntax and the data itself (user

- `programs.gnupg.agent.pinentryFlavor` is now set in `/etc/gnupg/gpg-agent.conf`, and will no longer take precedence over a `pinentry-program` set in `~/.gnupg/gpg-agent.conf`.

- `programs.gnupg` now has the option `agent.settings` to set verbatim config values in `/etc/gnupg/gpg-agent.conf`.

- `dockerTools.buildImage`, `dockerTools.buildLayeredImage` and `dockerTools.streamLayeredImage` now use `lib.makeOverridable` to allow `dockerTools`-based images to be customized more efficiently at the nix-level.

- `services.influxdb2` now supports doing an automatic initial setup and provisioning of users, organizations, buckets and authentication tokens, see [#249502](https://github.com/NixOS/nixpkgs/pull/249502) for more details.
+23 −4
@@ -6,6 +6,10 @@ let

  cfg = config.programs.gnupg;

  agentSettingsFormat = pkgs.formats.keyValue {
    mkKeyValue = lib.generators.mkKeyValueDefault { } " ";
  };

  xserverCfg = config.services.xserver;

  defaultPinentryFlavor =
@@ -82,6 +86,18 @@ in
      '';
    };

    agent.settings = mkOption {
      type = agentSettingsFormat.type;
      default = { };
      example = {
        default-cache-ttl = 600;
      };
      description = lib.mdDoc ''
        Configuration for /etc/gnupg/gpg-agent.conf.
        See {manpage}`gpg-agent(1)` for supported options.
      '';
    };

    dirmngr.enable = mkOption {
      type = types.bool;
      default = false;
@@ -92,10 +108,13 @@ in
  };

  config = mkIf cfg.agent.enable {
    environment.etc."gnupg/gpg-agent.conf".text =
      lib.optionalString (cfg.agent.pinentryFlavor != null) ''
      pinentry-program ${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry
    '';
    programs.gnupg.agent.settings = {
      pinentry-program = lib.mkIf (cfg.agent.pinentryFlavor != null)
        "${pkgs.pinentry.${cfg.agent.pinentryFlavor}}/bin/pinentry";
    };

    environment.etc."gnupg/gpg-agent.conf".source =
      agentSettingsFormat.generate "gpg-agent.conf" cfg.agent.settings;

    # This overrides the systemd user unit shipped with the gnupg package
    systemd.user.services.gpg-agent = {
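Review bot: `agentSettingsFormat` writes every entry as `key value` via `mkKeyValueDefault { } " "`, which does not fit gpg-agent options that take no argument, such as `enable-ssh-support` or `no-allow-external-cache`. With the generator as shown, `no-allow-external-cache = true` would presumably come out as `no-allow-external-cache true`; gpg-agent may reject that line, so a hardening flag the admin believes is set might not be in effect. I would render a `true` value as the bare key, e.g. `mkKeyValue = k: v: if v == true then k else lib.generators.mkKeyValueDefault { } " " k v;`, and state in the `agent.settings` description how flag options and `false` are handled. The description could also note that the file is now defined through `environment.etc."gnupg/gpg-agent.conf".source`, since an existing user definition of `.text` for the same path may now conflict. The `config = mkIf cfg.agent.enable { … }` block continues past the end of the last hunk, so this is based only on the visible lines.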