authorDaiderd Jordan <daiderd@gmail.com>2018-05-27 14:41:12 +0200
committerGitHub <noreply@github.com>2018-05-27 14:41:12 +0200
commit07175b169bf4cab57bb8edffd3df96537dffeb57 (patch)
tree5335a5eeace226859a6d355208f56f214184bdae /modules
parent192e2b40e059efdffcfa4b7122b0547874f3278b (diff)
parent8e1f40ad486637fe12492cea9cf70a5956743c7f (diff)
Merge pull request #80 from kirelagin/gpg-agent
gnupg: add gpg-agent service
Diffstat (limited to 'modules')
-rw-r--r--modules/programs/gnupg.nix51
1 files changed, 51 insertions, 0 deletions
diff --git a/modules/programs/gnupg.nix b/modules/programs/gnupg.nix
new file mode 100644
index 0000000..9a67ec8
--- /dev/null
+++ b/modules/programs/gnupg.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.programs.gnupg;
+
+in
+
+{
+ options.programs.gnupg = {
+ agent.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enables GnuPG agent for every user session.
+ '';
+ };
+
+ agent.enableSSHSupport = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK
+ environment variable correctly.
+ '';
+ };
+ };
+
+ config = mkIf cfg.agent.enable {
+ launchd.user.agents.gnupg-agent.serviceConfig = {
+ ProgramArguments = [
+ "${pkgs.gnupg}/bin/gpg-connect-agent" "/bye"
+ ];
+ RunAtLoad = cfg.agent.enableSSHSupport;
+ KeepAlive = true;
+ };
+
+ environment.extraInit = ''
+ # Bind gpg-agent to this TTY if gpg commands are used.
+ export GPG_TTY=$(tty)
+ '' + (optionalString cfg.agent.enableSSHSupport ''
+ # SSH agent protocol doesn't support changing TTYs, so bind the agent
+ # to every new TTY.
+ ${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
+
+ export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
+ '');
+ };
+}
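Review bot: The `export SSH_AUTH_SOCK=$(…gpgconf --list-dirs agent-ssh-socket)` line in `environment.extraInit` runs unconditionally, so a shell that already has an agent socket (a forwarded agent inside an SSH session, or one the user picked deliberately) has it silently replaced by the gpg-agent socket. Guarding the assignment with `if [ -z "$SSH_AUTH_SOCK" ]; then … fi` would keep an existing choice. The same block calls `updatestartuptty` from every shell init, so pinentry prompts follow whichever shell started last rather than the one that triggered the key use; the comment should say so, and `GPG_TTY=$(tty)` is also set when there is no terminal. Separately, `KeepAlive = true` on a job whose program is `gpg-connect-agent /bye` makes launchd relaunch it each time it exits, which appears to be immediately once the agent is up. `KeepAlive.SuccessfulExit = false;` would restart it only on failure.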