X: Add support for starting the GnuPG agent.

svn path=/nixos/trunk/; revision=18509
2009-11-21 22:14:01 +00:00 · 2009-11-21 22:14:01 +00:00 · 66d8af6d09
commit 66d8af6d09
parent ea2417ac87
2 changed files with 34 additions and 5 deletions
--- a/modules/services/x11/display-managers/default.nix
+++ b/modules/services/x11/display-managers/default.nix
@ -43,6 +43,17 @@ let
        fi
      ''}

+      ${optionalString cfg.startGnuPGAgent ''
+        if test -z "$SSH_AUTH_SOCK"; then
+            # Restart this script as a child of the GnuPG agent.
+            exec "${pkgs.gnupg2}/bin/gpg-agent"                         \
+              --enable-ssh-support --daemon                             \
+              --pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2"  \
+              --write-env-file "$HOME/.gpg-agent-info"                  \
+              "$0" "$sessionType"
+        fi
+      ''}
+
      # Start a ConsoleKit session so that we get ownership of various
      # devices.
      if test -z "$XDG_SESSION_COOKIE"; then
--- a/modules/services/x11/xserver.nix
+++ b/modules/services/x11/xserver.nix
@ -208,6 +208,16 @@ in
        '';
      };

+      startGnuPGAgent = mkOption {
+        default = true;
+        description = ''
+          Whether to start the GnuPG agent when you log in.  The GnuPG agent
+          remembers private keys for you so that you don't have to type in
+          passphrases every time you make an SSH connection or sign/encrypt
+          data.  Use <command>ssh-add</command> to add a key to the agent.
+        '';
+      };
+
      layout = mkOption {
        default = "us";
        description = ''
@ -322,13 +332,21 @@ in


  ###### implementation
-  
+
  config = mkIf cfg.enable {

-    assertions = singleton
-      { assertion = config.services.hal.enable == true;
-        message = "The X server needs HAL running. Set services.hal.enable to true";
-      };
+    assertions =
+      [ { assertion = config.services.hal.enable == true;
+          message = "The X server needs HAL running. Set services.hal.enable to true";
+        }
+
+        { assertion = (cfg.startSSHAgent -> !cfg.startGnuPGAgent)
+                       && (cfg.startGnuPGAgent -> !cfg.startSSHAgent);
+          message =
+            "The OpenSSH SSH agent and GnuPG agent cannot be started " +
+            "both.  Choose between `startSSHAgent' and `startGnuPGAgent'.";
+        }
+      ];

    boot.extraModulePackages =
      optional (elem "nvidia" driverNames) kernelPackages.nvidia_x11 ++