Luke Granger-Brown
57725ef3ec
git-subtree-dir: third_party/nixpkgs git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
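# NixOS module for Goldwarden: installs the package, registers its browser
# native-messaging host manifests, optionally points SSH_AUTH_SOCK at
# Goldwarden's SSH agent socket, and runs the daemon as a systemd user service.
{ lib, config, pkgs, ... }:
let
  cfg = config.programs.goldwarden;
in
{
  options.programs.goldwarden = {
    enable = lib.mkEnableOption "Goldwarden";
    package = lib.mkPackageOption pkgs "goldwarden" {};
    # Defaults to true, so enabling Goldwarden also redirects SSH clients to
    # its agent socket unless this is switched off explicitly.
    useSshAgent = lib.mkEnableOption "Goldwarden's SSH Agent" // { default = true; };
  };

  config = lib.mkIf cfg.enable {
    # Refuse to evaluate when both Goldwarden's agent and the OpenSSH agent
    # from programs.ssh are requested.
    # NOTE(review): only programs.ssh.startAgent is checked. Other modules that
    # export SSH_AUTH_SOCK (e.g. programs.gnupg.agent.enableSSHSupport) are not
    # covered here; confirm whether they should be asserted as well.
    assertions = [{
      assertion = cfg.useSshAgent -> !config.programs.ssh.startAgent;
      message = "Only one ssh-agent can be used at a time.";
    }];

    environment = {
      # Native-messaging manifests name the host binary a browser extension is
      # allowed to launch. Both entries link to files inside cfg.package, so
      # the manifest content is fixed by the package, not by per-user state.
      # NOTE(review): the file name is the com.8bit.bitwarden host id, so this
      # presumably conflicts with any other package installing the same
      # manifest; verify before enabling both.
      etc = lib.mkIf config.programs.chromium.enable {
        "chromium/native-messaging-hosts/com.8bit.bitwarden.json".source = "${cfg.package}/etc/chromium/native-messaging-hosts/com.8bit.bitwarden.json";
        "opt/chrome/native-messaging-hosts/com.8bit.bitwarden.json".source = "${cfg.package}/etc/chrome/native-messaging-hosts/com.8bit.bitwarden.json";
      };

      # SSH_AUTH_SOCK is exported only when it is still empty and HOME is set,
      # so an agent socket that is already in the environment takes precedence.
      # The socket path sits directly under $HOME; who can reach it depends on
      # the permissions of that directory and of the socket the daemon creates,
      # neither of which is set in this module.
      # Two separate tests are used instead of `[ ... -a ... ]`: POSIX marks
      # `-a` obsolescent and leaves tests with more than four arguments
      # unspecified.
      extraInit = lib.mkIf cfg.useSshAgent ''
        if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$HOME" ]; then
          export SSH_AUTH_SOCK="$HOME/.goldwarden-ssh-agent.sock"
        fi
      '';

      systemPackages = [
        # for cli and polkit action
        cfg.package
        # binary exec's into pinentry which should match the DE
        config.programs.gnupg.agent.pinentryPackage
      ];
    };

    programs.firefox.nativeMessagingHosts.packages = [ cfg.package ];

    # see https://github.com/quexten/goldwarden/blob/main/cmd/goldwarden.service
    systemd.user.services.goldwarden = {
      description = "Goldwarden daemon";
      wantedBy = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      # lib.getExe yields the package's main executable as a store path, so the
      # unit does not depend on a PATH lookup to find the daemon.
      serviceConfig.ExecStart = "${lib.getExe cfg.package} daemonize";
      # The configured pinentry is added to the unit's PATH, matching the
      # package installed in systemPackages above.
      path = [ config.programs.gnupg.agent.pinentryPackage ];
      # "!@system" keeps the unit from starting in system users' sessions.
      unitConfig.ConditionUser = "!@system";
      # NOTE(review): no sandboxing or hardening directives are set on this
      # unit; which of them the daemon tolerates would need testing.
    };
  };
}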