21 changes: 19 additions & 2 deletions nixos/modules/services/desktops/gnome/gnome-keyring.nix
@@ -1,7 +1,9 @@
# GNOME Keyring daemon.

{ config, pkgs, lib, ... }:

let
cfg = config.services.gnome.gnome-keyring;
in
{

meta = {
@@ -24,14 +26,23 @@
'';
};

enableSSHSupport = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable SSH agent support in Gnome Keyring by setting SSH_AUTH_SOCK
environment variable correctly.
'';
};

};

};


###### implementation

config = lib.mkIf config.services.gnome.gnome-keyring.enable {
config = lib.mkIf cfg.enable {

environment.systemPackages = [ pkgs.gnome.gnome-keyring ];

@@ -48,6 +59,12 @@
source = "${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon";
};

environment.extraInit = lib.mkIf cfg.enableSSHSupport ''

Member

Hmm. Is there no easy way to express this with environment.sessionVariables or environment.variables?

Author

At first I was trying to use something like this:

environment.sessionVariables = {
  SSH_AUTH_SOCK = "${builtins.getEnv "XDG_RUNTIME_DIR"}/keyring/ssh";
};

Then I followed what is done for SSH and GnuPG, which I thought was better practice.

Member

This ${builtins.getEnv "XDG_RUNTIME_DIR"} expands to the value of $XDG_RUNTIME_DIR at evaluation time, not at activation time.

The current way is not that bad though:

environment.extraInit = ''
if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/yubikey-agent/yubikey-agent.sock"
fi
'';

if [ -z "$SSH_AUTH_SOCK" -a -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/keyring/ssh"
fi
'';

};

}
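Review bot: The `environment.extraInit` snippet sets `SSH_AUTH_SOCK` only when it is empty, so if another SSH agent module is enabled in the same configuration, the agent a login session talks to depends on the order in which the init snippets are concatenated; nothing in the visible hunks rejects that combination. An assertion at the top of `config = lib.mkIf cfg.enable {` that fails evaluation when `cfg.enableSSHSupport` is combined with `programs.ssh.startAgent` or `programs.gnupg.agent.enableSSHSupport` would make the choice of key-holding agent explicit. The option description could also state that an already-set `SSH_AUTH_SOCK` is left untouched and that the socket used is `$XDG_RUNTIME_DIR/keyring/ssh`. Parts of the file are collapsed on this page, so an existing assertion may simply be out of view.

```nix
config = lib.mkIf cfg.enable {

  assertions = [
    {
      assertion = cfg.enableSSHSupport
        -> !(config.programs.ssh.startAgent || config.programs.gnupg.agent.enableSSHSupport);
      message = ''
        services.gnome.gnome-keyring.enableSSHSupport cannot be combined with
        programs.ssh.startAgent or programs.gnupg.agent.enableSSHSupport;
        enable only one SSH agent.
      '';
    }
  ];

  # … unchanged: environment.systemPackages, wrappers, environment.extraInit …
```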