gpg-agent: add enableExtraSocket
and verbose
options.
This option enables a GPG Agent restricted socket (aka "extra-socket"), which
can be used to forward GPG Agent over SSH.
Additionally, the `verbose` option enables verbose output of the `gpg-agent.service`
unit for easier debugging.
See: https://wiki.gnupg.org/AgentForwarding
(cherry picked from commit 9bf9e7ac5c
)
parent
698094b4d6
commit
5db56a320c
@ -48,6 +48,23 @@ in
'';
};
enableExtraSocket = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable extra socket of the GnuPG key agent (useful for GPG
Agent forwarding).
'';
};
verbose = mkOption {
type = types.bool;
default = false;
description = ''
Whether to produce verbose output.
'';
};
grabKeyboardAndMouse = mkOption {
type = types.bool;
default = true;
@ -115,7 +132,8 @@ in
};
Service = {
ExecStart = "${pkgs.gnupg}/bin/gpg-agent --supervised";
ExecStart = "${pkgs.gnupg}/bin/gpg-agent --supervised"
+ optionalString cfg.verbose " --verbose";
ExecReload = "${pkgs.gnupg}/bin/gpgconf --reload gpg-agent";
};
};
@ -159,5 +177,26 @@ in
};
};
})
(mkIf cfg.enableExtraSocket {
systemd.user.sockets.gpg-agent-extra = {
Unit = {
Description = "GnuPG cryptographic agent and passphrase cache (restricted)";
Documentation = "man:gpg-agent(1) man:ssh(1)";
};
Socket = {
ListenStream = "%t/gnupg/S.gpg-agent.extra";
FileDescriptorName = "extra";
Service = "gpg-agent.service";
SocketMode = "0600";
DirectoryMode = "0700";
};
Install = {
WantedBy = [ "sockets.target" ];
};
};
})
]);
}
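Review bot: The description of `enableExtraSocket` in the first hunk says only "extra socket ... useful for GPG Agent forwarding" and never tells the user what that socket is or what forwarding it hands out, while the third hunk binds it at `%t/gnupg/S.gpg-agent.extra` with `SocketMode = "0600"` and the unit's own Description calls it the restricted socket, so the option text should say the same. Something like `Whether to enable the restricted "extra" socket of the GnuPG key agent (S.gpg-agent.extra), intended for forwarding the agent to a remote host over SSH; while such a forward is active the remote side can use the local keys through the restricted command set — see https://wiki.gnupg.org/AgentForwarding.` The `verbose` description could likewise state what it does instead of the generic "Whether to produce verbose output", e.g. `Whether to pass --verbose to gpg-agent (appended to the gpg-agent.service ExecStart) for debugging.` The wiki link is already in the commit message, so carrying it into the option text costs nothing.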