Attempt to replace mdellweg/pass_secret_service with grimsteel/pass-secret-service

.lycheeignore

@@ -6,3 +6,6 @@ user:password
 
 # reddit often rejects request from GitHub Actions
 www.reddit.com/
+
+# It might be nix placeholder
+releases/tag/

home-manager/desktop.nix

@@ -25,5 +25,56 @@
         ];
       };
     };
+
+    # configFile =
+    #   let
+    #     pass-secret-service-service = pkgs.writeText "pass-secret-service-service" ''
+    #       [Install]
+    #       WantedBy=default.target
+
+    #       ${builtins.readFile "${pkgs.my.pass-secret-service-rs}/share/systemd/user/pass-secret-service.service"}
+    #     '';
+    #   in
+    #   {
+    #     # Might be simplified if https://github.com/nix-community/home-manager/pull/4990 resolved
+    #     "systemd/user/pass-secret-service.service".source = pass-secret-service-service;
+    #     "systemd/user/default.target.wants/pass-secret-service.service".source =
+    #       pass-secret-service-service;
+    #   };
+
+    # https://github.com/nix-community/home-manager/blob/d4aebb947a301b8da8654a804979a738c5c5da50/modules/services/pass-secret-service.nix#L67
+    dataFile = {
+      "dbus-1/services/org.freedesktop.secrets.service".source =
+        "${pkgs.my.pass-secret-service-rs}/share/share/dbus-1/services/org.freedesktop.secrets.service";
+    };
   };
+
+  systemd.user.services.pass-secret-service =
+    let
+      busName = "org.freedesktop.secrets";
+      binPath = lib.getExe pkgs.my.pass-secret-service-rs;
+    in
+    {
+      Unit = {
+        AssertFileIsExecutable = "${binPath}";
+        Description = "org.freedesktop.secrets agent for pass";
+        Documentation = "https://github.com/grimsteel/pass-secret-service";
+        PartOf = [
+          "graphical-session.target"
+          # "default.target"
+        ];
+      };
+
+      Service = {
+        Type = "dbus";
+        ExecStart = binPath;
+        BusName = busName;
+        # Environment = [ "GNUPGHOME=${config.programs.gpg.homedir}" ];
+      };
+
+      Install.WantedBy = [
+        "graphical-session.target"
+        # "default.target"
+      ];
+    };
 }

nixos/desktop/default.nix

@@ -9,6 +9,7 @@
   imports = [
     (import ./font.nix { inherit pkgs; })
     ./kanata.nix
+    # ../modules/pass-secret-service-rs.nix
   ];
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
@@ -342,10 +343,9 @@
     };
   };
 
-  # Make it possible to use libsecret which is required in vscode GitHub authentication(--password-store="gnome-libsecret"), without gnome-keyring(GH-814).
-  #
-  # Prefer NixOS module rather than home-manager one for making it possible to use gnome-online-accounts. See GH-1015
-  #
-  # Alternative candidates: https://github.com/grimsteel/pass-secret-service
-  services.passSecretService.enable = true;
+  # Using this libsecret implementation to fix GH-814 and GH-1015
+  # services.passSecretServiceRs = {
+  #   enable = true;
+  #   package = pkgs.my.pass-secret-service-rs;
+  # };
 }

nixos/modules/pass-secret-service-rs.nix

@@ -0,0 +1,23 @@
+# {
+#   config,
+#   lib,
+#   pkgs,
+#   ...
+# }:
+# let
+#   cfg = config.services.passSecretServiceRs;
+# in
+# {
+#   options.services.passSecretServiceRs = {
+#     enable = lib.mkEnableOption "pass secret service";
+
+#     package = lib.mkPackageOption pkgs.my "pass-secret-service-rs" { };
+#   };
+
+#   config = lib.mkIf cfg.enable {
+#     systemd.packages = [ cfg.package ];
+#     services.dbus.packages = [ cfg.package ];
+#   };
+
+#   meta.maintainers = with lib.maintainers; [ kachick ];
+# }

pkgs/pass-secret-service-rs/package.nix

@@ -0,0 +1,49 @@
+{
+  lib,
+  fetchFromGitHub,
+  rustPlatform,
+  nix-update-script,
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "pass-secret-service-rs";
+  version = "0.2.1";
+
+  src = fetchFromGitHub {
+    owner = "grimsteel";
+    repo = "pass-secret-service";
+    tag = "v${version}";
+    hash = "sha256-4NS/f7x4/GKrnvrhqDnjxTYF5Wd/7yj/hcpYl0l5Qjk=";
+  };
+
+  cargoHash = "sha256-6KJy2bKlG/7dCGLDCDV/ZmmP84MBamVDereDgcFwCoU=";
+
+  postPatch = ''
+    substituteInPlace 'systemd/org.freedesktop.secrets.service' \
+      --replace-fail '/usr/bin' "$out/bin"
+    substituteInPlace 'systemd/pass-secret-service.service' \
+      --replace-fail '/usr/bin' "$out/bin"
+  '';
+
+  postInstall = ''
+    install -Dm0644 'systemd/org.freedesktop.secrets.service' -t "$out/share/dbus-1/services"
+    install -Dm0644 'systemd/pass-secret-service.service' -t "$out/lib/systemd/user"
+  '';
+
+  # Can't use versionCheckHook, they does not provide the version printing flag
+
+  passthru = {
+    updateScript = nix-update-script { };
+  };
+
+  meta = with lib; {
+    description = "Implementation of org.freedesktop.secrets using `pass`";
+    homepage = "https://github.com/grimsteel/pass-secret-service";
+    changelog = "https://github.com/grimsteel/pass-secret-service/releases/tag/v${version}";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [
+      kachick
+    ];
+    mainProgram = "pass-secret-service";
+  };
+}