-rw-r--r--modules/services/x11/display-managers/default.nix11
-rw-r--r--modules/services/x11/xserver.nix28
2 files changed, 34 insertions, 5 deletions
diff --git a/modules/services/x11/display-managers/default.nix b/modules/services/x11/display-managers/default.nix
index f62c38bf7110..7cc270cf247b 100644
--- a/modules/services/x11/display-managers/default.nix
+++ b/modules/services/x11/display-managers/default.nix
@@ -43,6 +43,17 @@ let
         fi
       ''}
 
+      ${optionalString cfg.startGnuPGAgent ''
+        if test -z "$SSH_AUTH_SOCK"; then
+            # Restart this script as a child of the GnuPG agent.
+            exec "${pkgs.gnupg2}/bin/gpg-agent"                         \
+              --enable-ssh-support --daemon                             \
+              --pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2"  \
+              --write-env-file "$HOME/.gpg-agent-info"                  \
+              "$0" "$sessionType"
+        fi
+      ''}
+
       # Start a ConsoleKit session so that we get ownership of various
       # devices.
       if test -z "$XDG_SESSION_COOKIE"; then
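Review bot: The only thing that stops the `exec "${pkgs.gnupg2}/bin/gpg-agent" … "$0" "$sessionType"` re-entry from looping is the `test -z "$SSH_AUTH_SOCK"` guard, which relies on gpg-agent exporting SSH_AUTH_SOCK to the re-executed script; that assumption is not written down. The same guard also means an SSH_AUTH_SOCK inherited from the display manager's environment (possibly pointing at a socket that no longer exists) silently disables the agent with no message. The restart further presumes `$0` is the absolute path of this session script — true for a store-path script, but worth stating. I would replace the existing one-line comment with: `# Restart this script as a child of the GnuPG agent.  gpg-agent exports SSH_AUTH_SOCK (--enable-ssh-support) to the re-executed script, which is what makes the test above false on the second pass; an inherited SSH_AUTH_SOCK skips the agent entirely.  Requires $0 to be an absolute path.` The enclosing session-script string starts before this hunk.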
diff --git a/modules/services/x11/xserver.nix b/modules/services/x11/xserver.nix
index e14c9762bd02..ee6f7c50f122 100644
--- a/modules/services/x11/xserver.nix
+++ b/modules/services/x11/xserver.nix
@@ -208,6 +208,16 @@ in
         '';
       };
 
+      startGnuPGAgent = mkOption {
+        default = true;
+        description = ''
+          Whether to start the GnuPG agent when you log in.  The GnuPG agent
+          remembers private keys for you so that you don't have to type in
+          passphrases every time you make an SSH connection or sign/encrypt
+          data.  Use <command>ssh-add</command> to add a key to the agent.
+        '';
+      };
+
       layout = mkOption {
         default = "us";
         description = ''
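Review bot: `startGnuPGAgent` defaults to `true`, and the sibling hunk in this file adds an assertion that it is mutually exclusive with `startSSHAgent`; if `startSSHAgent` also defaults to `true` (its declaration is outside this hunk, so I cannot confirm), every configuration that sets neither option would fail evaluation. Either default this option to `false` or cross-check the other default before merging. The description could also mention the mutual exclusion so users are not surprised by the assertion, e.g. appending `Cannot be combined with <option>startSSHAgent</option>.` to the description text.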
@@ -322,13 +332,21 @@ in
 
 
   ###### implementation
-  
+
   config = mkIf cfg.enable {
 
-    assertions = singleton
-      { assertion = config.services.hal.enable == true;
-        message = "The X server needs HAL running. Set services.hal.enable to true";
-      };
+    assertions =
+      [ { assertion = config.services.hal.enable == true;
+          message = "The X server needs HAL running. Set services.hal.enable to true";
+        }
+
+        { assertion = (cfg.startSSHAgent -> !cfg.startGnuPGAgent)
+                       && (cfg.startGnuPGAgent -> !cfg.startSSHAgent);
+          message =
+            "The OpenSSH SSH agent and GnuPG agent cannot be started " +
+            "both.  Choose between `startSSHAgent' and `startGnuPGAgent'.";
+        }
+      ];
 
     boot.extraModulePackages =
       optional (elem "nvidia" driverNames) kernelPackages.nvidia_x11 ++
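Review bot: The two conjuncts of the new assertion on lines `(cfg.startSSHAgent -> !cfg.startGnuPGAgent)` and `&& (cfg.startGnuPGAgent -> !cfg.startSSHAgent)` are the same proposition (each is `!(a && b)`), so the second adds nothing but reading effort; `assertion = !(cfg.startSSHAgent && cfg.startGnuPGAgent);` states the intent directly. The message reads awkwardly ("cannot be started both"); `"The OpenSSH SSH agent and GnuPG agent cannot both be started.  " +` keeps the meaning. The surrounding `config = mkIf cfg.enable { … }` attribute set continues past the end of this hunk.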