gpg-agent: add missing options

Roman Volosatovs 2017-09-24 19:39:41 +02:00 committed by Robert Helgesson
parent f8aaba6704
commit c023b0532a
No known key found for this signature in database
GPG key ID: C3DB11069E65DC86


@ -25,14 +25,48 @@ in
type = types.nullOr types.int;
default = null;
description = ''
Set the time a cache entry is valid to the given number of seconds.
Set the time a cache entry is valid to the given number of
seconds.
'';
};
defaultCacheTtlSsh = mkOption {
type = types.nullOr types.int;
default = null;
description = ''
Set the time a cache entry used for SSH keys is valid to the
given number of seconds.
'';
};
enableSshSupport = mkOption {
type = types.bool;
default = false;
description = "Whether to use the GnuPG key agent for SSH keys.";
description = ''
Whether to use the GnuPG key agent for SSH keys.
'';
};
grabKeyboardAndMouse = mkOption {
type = types.bool;
default = true;
description = ''
Tell the pinentry to grab the keyboard and mouse. This
option should in general be used to avoid X-sniffing
attacks. When disabled, this option passes
<option>no-grab</option> setting to gpg-agent.
'';
};
enableScDaemon = mkOption {
type = types.bool;
default = true;
description = ''
Make use of the scdaemon tool. This option has the effect of
enabling the ability to do smartcard operations. When
disabled, this option passes
<option>disable-scdaemon</option> setting to gpg-agent.
'';
};
};
};
@ -40,11 +74,17 @@ in
config = mkIf cfg.enable (mkMerge [
{
home.file.".gnupg/gpg-agent.conf".text = concatStringsSep "\n" (
optional cfg.enableSshSupport
"enable-ssh-support"
optional (cfg.enableSshSupport) "enable-ssh-support"
++
optional (!cfg.grabKeyboardAndMouse) "no-grab"
++
optional (!cfg.enableScDaemon) "disable-scdaemon"
++
optional (cfg.defaultCacheTtl != null)
"default-cache-ttl ${toString cfg.defaultCacheTtl}"
++
optional (cfg.defaultCacheTtlSsh != null)
"default-cache-ttl-ssh ${toString cfg.defaultCacheTtlSsh}"
);
home.sessionVariables =