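# NixOS module for Goldwarden: installs the package, links the browser
# native-messaging manifests it ships, optionally points SSH_AUTH_SOCK at
# ~/.goldwarden-ssh-agent.sock, and runs the daemon as a systemd user service.
{ lib, config, pkgs, ... }:
let
  cfg = config.programs.goldwarden;
in
{
  options.programs.goldwarden = {
    enable = lib.mkEnableOption "Goldwarden";
    package = lib.mkPackageOption pkgs "goldwarden" {};
    # Defaults to true, so enabling the module also switches the SSH agent
    # socket unless this is explicitly turned off.
    useSshAgent = lib.mkEnableOption "Goldwarden's SSH Agent" // { default = true; };
  };

  config = lib.mkIf cfg.enable {
    # Refuse to evaluate when both this agent and the stock OpenSSH agent
    # (programs.ssh.startAgent) are requested.
    # NOTE(review): only programs.ssh.startAgent is checked here; other modules
    # that export SSH_AUTH_SOCK (e.g. programs.gnupg.agent.enableSSHSupport)
    # are not covered by this assertion — confirm whether they should be.
    assertions = [{
      assertion = cfg.useSshAgent -> !config.programs.ssh.startAgent;
      message = "Only one ssh-agent can be used at a time.";
    }];

    environment = {
      # Native-messaging manifests are linked system-wide under /etc, and only
      # when the Chromium module is enabled. Both the chromium/ and the
      # opt/chrome/ locations are populated from the package's own copies.
      etc = lib.mkIf config.programs.chromium.enable {
        "chromium/native-messaging-hosts/com.8bit.bitwarden.json".source = "${cfg.package}/etc/chromium/native-messaging-hosts/com.8bit.bitwarden.json";
        "opt/chrome/native-messaging-hosts/com.8bit.bitwarden.json".source = "${cfg.package}/etc/chrome/native-messaging-hosts/com.8bit.bitwarden.json";
      };

      # Export the agent socket only when nothing else has set SSH_AUTH_SOCK,
      # so an already-present agent (for example a forwarded one) keeps
      # precedence, and only when HOME is known so the path is well-formed.
      # Two separate tests are used instead of `[ ... -a ... ]`: POSIX marks
      # the -a operator obsolescent and leaves its parsing unspecified once
      # more than four arguments are involved.
      extraInit = lib.mkIf cfg.useSshAgent ''
        if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$HOME" ]; then
          export SSH_AUTH_SOCK="$HOME/.goldwarden-ssh-agent.sock"
        fi
      '';

      systemPackages = [
        # for cli and polkit action
        cfg.package
        # binary exec's into pinentry which should match the DE
        # NOTE(review): if pinentryPackage can be null this entry would not
        # evaluate — confirm against the gnupg agent option's type.
        config.programs.gnupg.agent.pinentryPackage
      ];
    };

    programs.firefox.nativeMessagingHosts.packages = [ cfg.package ];

    # see https://github.com/quexten/goldwarden/blob/main/cmd/goldwarden.service
    systemd.user.services.goldwarden = {
      description = "Goldwarden daemon";
      wantedBy = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      serviceConfig.ExecStart = "${lib.getExe cfg.package} daemonize";
      # The same pinentry that is installed system-wide is put on the unit's
      # PATH, so the daemon can find it when it exec's into pinentry.
      path = [ config.programs.gnupg.agent.pinentryPackage ];
      # Do not start the user service for system accounts.
      unitConfig.ConditionUser = "!@system";
    };
  };
}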