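# NixOS module for the Goldwarden daemon.
#
# When enabled it installs the package system-wide, registers the package's
# browser native-messaging manifests, optionally points SSH_AUTH_SOCK at
# Goldwarden's SSH agent socket, and starts the daemon as a systemd user
# service.
{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.programs.goldwarden;
in
{
  options.programs.goldwarden = {
    enable = lib.mkEnableOption "Goldwarden";
    package = lib.mkPackageOption pkgs "goldwarden" { };
    # Defaults to true: enabling the module also redirects SSH_AUTH_SOCK
    # (see environment.extraInit below) unless this is switched off.
    useSshAgent = lib.mkEnableOption "Goldwarden's SSH Agent" // {
      default = true;
    };
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # `->` is logical implication: if Goldwarden's agent is requested,
        # the stock OpenSSH agent module must be off. Only
        # programs.ssh.startAgent is checked; other modules that export
        # SSH_AUTH_SOCK (e.g. gpg-agent's SSH support) are not covered here.
        assertion = cfg.useSshAgent -> !config.programs.ssh.startAgent;
        message = "Only one ssh-agent can be used at a time.";
      }
    ];

    environment = {
      # Native-messaging manifests for Chromium and Chrome, linked into /etc
      # only when programs.chromium.enable is set. Both keep the
      # `com.8bit.bitwarden` host name, so a browser extension asking for that
      # native host is routed to whatever binary the manifest names.
      # NOTE(review): the manifest body (binary path, allowed extension
      # origins) ships inside cfg.package and is not visible in this module;
      # re-check it whenever cfg.package is overridden.
      etc = lib.mkIf config.programs.chromium.enable {
        "chromium/native-messaging-hosts/com.8bit.bitwarden.json".source =
          "${cfg.package}/etc/chromium/native-messaging-hosts/com.8bit.bitwarden.json";
        "opt/chrome/native-messaging-hosts/com.8bit.bitwarden.json".source =
          "${cfg.package}/etc/chrome/native-messaging-hosts/com.8bit.bitwarden.json";
      };

      # Point SSH clients at Goldwarden's agent socket, but only when no
      # SSH_AUTH_SOCK is already set (a forwarded or otherwise pre-existing
      # agent wins) and HOME is non-empty.
      #
      # The two conditions are separate `[ ]` tests joined with `&&` because
      # the `-a` primary of test(1) is obsolescent in POSIX and can be parsed
      # ambiguously depending on the operand values.
      #
      # This snippet runs in every login environment, including users for
      # which the user service below is skipped (ConditionUser); for those the
      # variable names a socket nothing is listening on.
      # NOTE(review): the socket is created by the daemon, so its file mode is
      # decided by Goldwarden and not by this module; confirm it is not
      # accessible to other users.
      extraInit = lib.mkIf cfg.useSshAgent ''
        if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$HOME" ]; then
          export SSH_AUTH_SOCK="$HOME/.goldwarden-ssh-agent.sock"
        fi
      '';

      systemPackages = [
        # for cli and polkit action
        cfg.package
        # binary exec's into pinentry which should match the DE
        # NOTE(review): the gnupg module appears to allow a null
        # pinentryPackage; confirm how this list (and `path` below) should
        # behave in that case.
        config.programs.gnupg.agent.pinentryPackage
      ];
    };

    # Registered whenever Goldwarden is enabled; unlike the Chromium manifests
    # above this is not gated on programs.firefox.enable.
    programs.firefox.nativeMessagingHosts.packages = [ cfg.package ];

    # see https://github.com/quexten/goldwarden/blob/main/cmd/goldwarden.service
    #
    # Per-user daemon started with the graphical session. This module sets no
    # sandboxing directives on the unit, so the daemon runs with the full
    # privileges of the logged-in user.
    systemd.user.services.goldwarden = {
      description = "Goldwarden daemon";
      wantedBy = [ "graphical-session.target" ];
      after = [ "graphical-session.target" ];
      serviceConfig.ExecStart = "${lib.getExe cfg.package} daemonize";
      # The pinentry program the daemon execs for prompts is resolved through
      # the unit's PATH, so it is the one selected for gpg-agent.
      path = [ config.programs.gnupg.agent.pinentryPackage ];
      # Do not start for system accounts.
      unitConfig.ConditionUser = "!@system";
    };
  };
}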