gpg-agent: Add maxCacheTtl(Ssh) options

2018-06-28 19:33:47 +02:00 · 2018-06-28 19:33:47 +02:00 · 97ee4578c9
parent 0d3f9ba913
commit 97ee4578c9
1 changed files with 28 additions and 0 deletions
--- a/modules/services/gpg-agent.nix
+++ b/modules/services/gpg-agent.nix
@ -40,6 +40,28 @@ in
        '';
      };

+      maxCacheTtl = mkOption {
+        type = types.nullOr types.int;
+        default = null;
+        description = ''
+          Set the maximum time a cache entry is valid to n seconds. After this
+          time a cache entry will be expired even if it has been accessed
+          recently or has been set using gpg-preset-passphrase. The default is
+          2 hours (7200 seconds).
+        '';
+      };
+
+      maxCacheTtlSsh = mkOption {
+        type = types.nullOr types.int;
+        default = null;
+        description = ''
+          Set the maximum time a cache entry used for SSH keys is valid to n
+          seconds. After this time a cache entry will be expired even if it has
+          been accessed recently or has been set using gpg-preset-passphrase.
+          The default is 2 hours (7200 seconds).
+        '';
+      };
+
      enableSshSupport = mkOption {
        type = types.bool;
        default = false;
@ -103,6 +125,12 @@ in
        ++
        optional (cfg.defaultCacheTtlSsh != null)
          "default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}"
+        ++
+        optional (cfg.maxCacheTtl != null)
+          "max-cache-ttl ${toString cfg.maxCacheTtl}"
+        ++
+        optional (cfg.maxCacheTtlSsh != null)
+          "max-cache-ttl-ssh ${toString cfg.maxCacheTtlSsh}"
      );

      home.sessionVariables =