From 1d94de5604935591494eeb6ea80bc34ac84a9f23 Mon Sep 17 00:00:00 2001 From: David Houston Date: Sat, 7 May 2022 14:05:10 -0400 Subject: [PATCH] pass-secret-service: various improvements Allow setting the application package and storePath used by the config. Since the `programs.password-store` Home Manager module sets config values via global environment variables, the default behavior of the module should continue to behave as before for the user. Additionally, - Adds a few tests. - Use "escapeShellArg" function call to the path parameter call to ensure paths with spaces work. - Allow not setting storePath, which will cause `pass_secret_service` to default to using `~/.password-store`. - If `pass-secret-service` is enabled, set its store path to default to the one defined in our password-store environment settings. - Add myself (houstdav000) as maintainer. --- modules/programs/password-store.nix | 3 ++ modules/services/pass-secret-service.nix | 43 +++++++++++++------ tests/default.nix | 1 + .../basic-configuration.nix | 17 ++++++++ .../default-configuration.nix | 15 +++++++ .../services/pass-secret-service/default.nix | 4 ++ 6 files changed, 69 insertions(+), 14 deletions(-) create mode 100644 tests/modules/services/pass-secret-service/basic-configuration.nix create mode 100644 tests/modules/services/pass-secret-service/default-configuration.nix create mode 100644 tests/modules/services/pass-secret-service/default.nix diff --git a/modules/programs/password-store.nix b/modules/programs/password-store.nix index e2f463ec..076db93e 100644 --- a/modules/programs/password-store.nix +++ b/modules/programs/password-store.nix @@ -59,6 +59,9 @@ in { home.packages = [ cfg.package ]; home.sessionVariables = cfg.settings; + services.pass-secret-service.storePath = + mkDefault cfg.settings.PASSWORD_STORE_DIR; + xsession.importedVariables = mkIf config.xsession.enable (mapAttrsToList (name: value: name) cfg.settings); }; 
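Review bot: The added `mkDefault cfg.settings.PASSWORD_STORE_DIR` in password-store.nix reads the key unconditionally, so it assumes `programs.password-store.settings` always carries `PASSWORD_STORE_DIR`. The option declaration and the rest of the `config` block are outside this hunk, so that may be guaranteed elsewhere. If a user-supplied `settings` can omit the key, evaluation would fail here even for users who never enable the secret service. `mkDefault (cfg.settings.PASSWORD_STORE_DIR or null)` would instead fall back to the service's own default, which the new `nullOr str` type permits. A short comment such as `# Keep the libsecret bridge pointed at the same store as pass itself.` would also explain why a programs module sets a services option.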
diff --git a/modules/services/pass-secret-service.nix b/modules/services/pass-secret-service.nix index 06b5be1f..8459099c 100644 --- a/modules/services/pass-secret-service.nix +++ b/modules/services/pass-secret-service.nix @@ -2,31 +2,46 @@ with lib; -let serviceCfg = config.services.pass-secret-service; +let + cfg = config.services.pass-secret-service; + + serviceArgs = + optionalString (cfg.storePath != null) "--path ${cfg.storePath}"; in { - meta.maintainers = [ maintainers.cab404 ]; + meta.maintainers = with maintainers; [ cab404 houstdav000 ]; + options.services.pass-secret-service = { enable = mkEnableOption "Pass libsecret service"; + + package = mkPackageOption pkgs "pass-secret-service" { }; + + storePath = mkOption { + type = with types; nullOr str; + default = null; + defaultText = "~/.password-store"; + example = "/home/user/.local/share/password-store"; + description = "Absolute path to password store."; + }; }; - config = mkIf serviceCfg.enable { + + config = mkIf cfg.enable { assertions = [ (hm.assertions.assertPlatform "services.pass-secret-service" pkgs platforms.linux) - - { - assertion = config.programs.password-store.enable; - message = "The 'services.pass-secret-service' module requires" - + " 'programs.password-store.enable = true'."; - } ]; systemd.user.services.pass-secret-service = { - Unit = { Description = "Pass libsecret service"; }; - Service = { - # pass-secret-service doesn't use environment variables for some reason. - ExecStart = - "${pkgs.pass-secret-service}/bin/pass_secret_service --path ${config.programs.password-store.settings.PASSWORD_STORE_DIR}"; + Unit = { + AssertFileIsExecutable = "${cfg.package}/bin/pass_secret_service"; + Description = "Pass libsecret service"; + Documentation = "https://github.com/mdellweg/pass_secret_service"; + PartOf = [ "default.target" ]; }; + + Service = { + ExecStart = "${cfg.package}/bin/pass_secret_service ${serviceArgs}"; + }; + Install = { WantedBy = [ "default.target" ]; }; }; }; 
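Review bot: `serviceArgs` interpolates `cfg.storePath` into `ExecStart` unquoted (`"--path ${cfg.storePath}"`), although the commit message says `escapeShellArg` is applied to the path. systemd splits the command line on whitespace, so a store path containing a space would reach `pass_secret_service` as several arguments. Since `with lib;` is in scope, `optionalString (cfg.storePath != null) "--path ${escapeShellArg cfg.storePath}";` matches the stated intent. Unit-file quoting is close to a shell's but not identical (`%` specifiers and `$` references are still expanded), so the option description should name the characters that are unsupported, or the type should reject them. The description also promises an absolute path while `nullOr str` accepts any string, and the value can now arrive from `PASSWORD_STORE_DIR` through the password-store.nix hunk.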
diff --git a/tests/default.nix b/tests/default.nix index 57dedbb8..295254b9 100644 --- a/tests/default.nix +++ b/tests/default.nix @@ -189,6 +189,7 @@ import nmt { ./modules/services/mpdris2 ./modules/services/pantalaimon ./modules/services/parcellite + ./modules/services/pass-secret-service ./modules/services/pbgopy ./modules/services/picom ./modules/services/playerctld diff --git a/tests/modules/services/pass-secret-service/basic-configuration.nix b/tests/modules/services/pass-secret-service/basic-configuration.nix new file mode 100644 index 00000000..f5568df7 --- /dev/null +++ b/tests/modules/services/pass-secret-service/basic-configuration.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: + +{ + services.pass-secret-service = { + enable = true; + package = config.lib.test.mkStubPackage { }; + storePath = "/mnt/password-store"; + }; + + nmt.script = '' + serviceFile=home-files/.config/systemd/user/pass-secret-service.service + + assertFileExists $serviceFile + assertFileRegex $serviceFile 'ExecStart=.*/bin/pass_secret_service' + assertFileRegex $serviceFile '/mnt/password-store' + ''; +} diff --git a/tests/modules/services/pass-secret-service/default-configuration.nix b/tests/modules/services/pass-secret-service/default-configuration.nix new file mode 100644 index 00000000..d418d823 --- /dev/null +++ b/tests/modules/services/pass-secret-service/default-configuration.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: + +{ + services.pass-secret-service = { + enable = true; + package = config.lib.test.mkStubPackage { }; + }; + + nmt.script = '' + serviceFile=home-files/.config/systemd/user/pass-secret-service.service + + assertFileExists $serviceFile + assertFileRegex $serviceFile 'ExecStart=.*/bin/pass_secret_service' + ''; +} diff --git a/tests/modules/services/pass-secret-service/default.nix b/tests/modules/services/pass-secret-service/default.nix new file mode 100644 index 00000000..d841c97e --- /dev/null +++ b/tests/modules/services/pass-secret-service/default.nix 
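Review bot: The `assertFileRegex $serviceFile '/mnt/password-store'` check in basic-configuration.nix passes if the path appears anywhere in the unit, so it does not pin that the value is handed over as the `--path` argument. No test uses a store path containing a space, even though the commit message names that case. Tightening the check to `assertFileRegex $serviceFile 'pass_secret_service --path .?/mnt/password-store'` (the `.?` tolerates an added quote) and adding a case with a space in `storePath` would catch a quoting regression in `ExecStart`. default-configuration.nix has the mirror gap: it never asserts that `--path` is absent when `storePath` is unset, for example with `assertFileNotRegex $serviceFile 'pass_secret_service --path'`.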
@@ -0,0 +1,4 @@
+{
+ pass-secret-service-default-configuration = ./default-configuration.nix;
+ pass-secret-service-basic-configuration = ./basic-configuration.nix;
+}