From 8304634260bbedfca8a6ed87e5d84b619be1e3fd Mon Sep 17 00:00:00 2001 From: "Jan (janneke) Nieuwenhuizen" Date: Sun, 26 Mar 2023 19:54:19 +0200 Subject: home: services: Export home-xmodmap-service-type and configuration. This is a follow-up to commit 511ae8325db0dfc7803d7b98d7e4d8f76774e8c5 home: services: Add home-xmodmap-service-type. * gnu/home/services/desktop.scm (home-xmodmap-service-type, home-xmodmap-configuration): Export. --- gnu/home/services/desktop.scm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'gnu/home/services') diff --git a/gnu/home/services/desktop.scm b/gnu/home/services/desktop.scm index fb1cd44060..661fe7d283 100644 --- a/gnu/home/services/desktop.scm +++ b/gnu/home/services/desktop.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2022 Ludovic Courtès ;;; Copyright © 2022 ( ;;; Copyright © 2023 conses +;;; Copyright © 2023 Janneke Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. ;;; @@ -37,7 +38,10 @@ (define-module (gnu home services desktop) home-dbus-service-type home-unclutter-configuration - home-unclutter-service-type)) + home-unclutter-service-type + + home-xmodmap-configuration + home-xmodmap-service-type)) ;;; -- cgit v1.2.3 From 0fbb356714f4ae3ea18e4997131a0e1746cc923c Mon Sep 17 00:00:00 2001 
From: Bruno Victal Date: Sun, 26 Mar 2023 19:41:30 +0100 Subject: services: replace bare serializers with (serializer ...) * gnu/home/services/shells.scm (home-zsh-configuration)[environment-variables]: Use (serializer ...). (home-bash-configuration)[aliases, environment-variables]: Likewise. (home-fish-configuration)[abbreviations, aliases] [environment-variables]: Likewise. * gnu/services/audio.scm (mpd-configuration)[music-dir, playlist-dir] [endpoints, address, inputs, archive-plugins, input-cache-size] [decoders, filters, playlist-plugins]: Likewise. * gnu/services/linux.scm (fstrim-configuration)[extra-arguments]: Likewise. * gnu/services/security.scm (fail2ban-jail-configuration)[backend] [log-encoding, extra-content]: Likewise. * tests/services/configuration.scm: Update tests. ("serialize-configuration [deprecated]"): New test. Signed-off-by: Liliana Marie Prikler --- gnu/home/services/shells.scm | 12 +++++------ gnu/services/audio.scm | 45 ++++++++++++++++++++-------------------- gnu/services/linux.scm | 7 ++++--- gnu/services/security.scm | 6 +++--- tests/services/configuration.scm | 11 +++++++++- 5 files changed, 46 insertions(+), 35 deletions(-) (limited to 'gnu/home/services') diff --git a/gnu/home/services/shells.scm b/gnu/home/services/shells.scm index 3326eb37f4..f05f2221d6 100644 --- a/gnu/home/services/shells.scm +++ b/gnu/home/services/shells.scm @@ -133,7 +133,7 @@ (define-configuration home-zsh-configuration (environment-variables (alist '()) "Association list of environment variables to set for the Zsh session." - serialize-posix-env-vars) + (serializer serialize-posix-env-vars)) (zshenv (text-config '()) "List of file-like objects, which will be added to @file{.zshenv}. 
@@ -334,7 +334,7 @@ (define-configuration home-bash-configuration rules for the @code{home-environment-variables-service-type} apply here (@pxref{Essential Home Services}). The contents of this field will be added after the contents of the @code{bash-profile} field." - serialize-posix-env-vars) + (serializer serialize-posix-env-vars)) (aliases (alist '()) "Association list of aliases to set for the Bash session. The aliases will be @@ -351,7 +351,7 @@ (define-configuration home-bash-configuration @example alias ls=\"ls -alF\" @end example" - bash-serialize-aliases) + (serializer bash-serialize-aliases)) (bash-profile (text-config '()) "List of file-like objects, which will be added to @file{.bash_profile}. @@ -536,19 +536,19 @@ (define-configuration home-fish-configuration (environment-variables (alist '()) "Association list of environment variables to set in Fish." - serialize-fish-env-vars) + (serializer serialize-fish-env-vars)) (aliases (alist '()) "Association list of aliases for Fish, both the key and the value should be a string. An alias is just a simple function that wraps a command, If you want something more akin to @dfn{aliases} in POSIX shells, see the @code{abbreviations} field." - serialize-fish-aliases) + (serializer serialize-fish-aliases)) (abbreviations (alist '()) "Association list of abbreviations for Fish. These are words that, when typed in the shell, will automatically expand to the full text." - serialize-fish-abbreviations)) + (serializer serialize-fish-abbreviations))) (define (fish-files-service config) `(("fish/config.fish" diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm index 4885fb8424..c073b85a32 100644 --- a/gnu/services/audio.scm +++ b/gnu/services/audio.scm 
@@ -370,7 +370,7 @@ (define-configuration mpd-configuration (music-dir ; TODO: deprecated, remove later maybe-string "The directory to scan for music files." - mpd-serialize-deprecated-field) + (serializer mpd-serialize-deprecated-field)) (playlist-directory maybe-string @@ -379,7 +379,7 @@ (define-configuration mpd-configuration (playlist-dir ; TODO: deprecated, remove later maybe-string "The directory to store playlists." - mpd-serialize-deprecated-field) + (serializer mpd-serialize-deprecated-field)) (db-file maybe-string @@ -405,16 +405,17 @@ (define-configuration mpd-configuration port is used. To use a Unix domain socket, an absolute path or a path starting with @code{~} can be specified here." - (lambda (_ endpoints) - (if (maybe-value-set? endpoints) - (mpd-serialize-list-of-strings "bind_to_address" endpoints) - ""))) + (serializer + (lambda (_ endpoints) + (if (maybe-value-set? endpoints) + (mpd-serialize-list-of-strings "bind_to_address" endpoints) + "")))) (address ; TODO: deprecated, remove later maybe-string "The address that mpd will bind to. To use a Unix domain socket, an absolute path can be specified here." - mpd-serialize-deprecated-field) + (serializer mpd-serialize-deprecated-field)) (database maybe-mpd-plugin 
@@ -431,29 +432,29 @@ (define-configuration mpd-configuration (inputs (list-of-mpd-plugin '()) "List of MPD input plugin configurations." - (lambda (_ x) - (mpd-serialize-list-of-mpd-plugin "input" x))) + (serializer (lambda (_ x) + (mpd-serialize-list-of-mpd-plugin "input" x)))) (archive-plugins (list-of-mpd-plugin '()) "List of MPD archive plugin configurations." - (lambda (_ x) - (mpd-serialize-list-of-mpd-plugin "archive_plugin" x))) + (serializer (lambda (_ x) + (mpd-serialize-list-of-mpd-plugin "archive_plugin" x)))) (input-cache-size maybe-string "MPD input cache size." - (lambda (_ x) - (if (maybe-value-set? x) - #~(string-append "\ninput_cache {\n" - #$(mpd-serialize-string "size" x) - "}\n") ""))) + (serializer (lambda (_ x) + (if (maybe-value-set? x) + #~(string-append "\ninput_cache {\n" + #$(mpd-serialize-string "size" x) + "}\n") "")))) (decoders (list-of-mpd-plugin '()) "List of MPD decoder plugin configurations." - (lambda (_ x) - (mpd-serialize-list-of-mpd-plugin "decoder" x))) + (serializer (lambda (_ x) + (mpd-serialize-list-of-mpd-plugin "decoder" x)))) (resampler maybe-mpd-plugin @@ -462,8 +463,8 @@ (define-configuration mpd-configuration (filters (list-of-mpd-plugin '()) "List of MPD filter plugin configurations." - (lambda (_ x) - (mpd-serialize-list-of-mpd-plugin "filter" x))) + (serializer (lambda (_ x) + (mpd-serialize-list-of-mpd-plugin "filter" x)))) (outputs (list-of-mpd-plugin-or-output (list (mpd-output))) @@ -473,8 +474,8 @@ (define-configuration mpd-configuration (playlist-plugins (list-of-mpd-plugin '()) "List of MPD playlist plugin configurations." - (lambda (_ x) - (mpd-serialize-list-of-mpd-plugin "playlist_plugin" x))) + (serializer (lambda (_ x) + (mpd-serialize-list-of-mpd-plugin "playlist_plugin" x)))) (extra-options (alist '()) diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm index 439848919d..4f28044112 100644 --- a/gnu/services/linux.scm +++ b/gnu/services/linux.scm 
@@ -213,9 +213,10 @@ (define-configuration fstrim-configuration maybe-list-of-strings "Extra options to append to @command{fstrim} (run @samp{man fstrim} for more information)." - (lambda (_ value) - (if (maybe-value-set? value) - value '()))) + (serializer + (lambda (_ value) + (if (maybe-value-set? value) + value '())))) (prefix fstrim-)) (define (serialize-fstrim-configuration config) diff --git a/gnu/services/security.scm b/gnu/services/security.scm index 8116072920..e750bb468b 100644 --- a/gnu/services/security.scm +++ b/gnu/services/security.scm @@ -200,7 +200,7 @@ (define-configuration fail2ban-jail-configuration "Backend to use to detect changes in the @code{log-path}. The default is 'auto. To consult the defaults of the jail configuration, refer to the @file{/etc/fail2ban/jail.conf} file of the @code{fail2ban} package." - fail2ban-jail-configuration-serialize-backend) + (serializer fail2ban-jail-configuration-serialize-backend)) (max-retry maybe-integer "The number of failures before a host get banned @@ -269,7 +269,7 @@ (define-configuration fail2ban-jail-configuration maybe-symbol "The encoding of the log files handled by the jail. Possible values are: @code{'ascii}, @code{'utf-8} and @code{'auto}." - fail2ban-jail-configuration-serialize-log-encoding) + (serializer fail2ban-jail-configuration-serialize-log-encoding)) (log-path (list-of-strings '()) "The file names of the log files to be monitored.") @@ -280,7 +280,7 @@ (define-configuration fail2ban-jail-configuration (text-config '()) "Extra content for the jail configuration, provided as a list of file-like objects." - serialize-text-config) + (serializer serialize-text-config)) (prefix fail2ban-jail-configuration-)) (define list-of-fail2ban-jail-configurations? diff --git a/tests/services/configuration.scm b/tests/services/configuration.scm index 0392cce927..8ad5907f37 100644 --- a/tests/services/configuration.scm +++ b/tests/services/configuration.scm 
@@ -82,6 +82,9 @@ (define (custom-number-serializer name value) (format #f "~a = ~a;" name value)) (define-configuration serializable-configuration + (port (number 80) "The port number." (serializer custom-number-serializer))) + +(define-configuration serializable-configuration-deprecated (port (number 80) "The port number." custom-number-serializer)) (test-assert "serialize-configuration" @@ -89,8 +92,14 @@ (define-configuration serializable-configuration (let ((config (serializable-configuration))) (serialize-configuration config serializable-configuration-fields)))) +(test-assert "serialize-configuration [deprecated]" + (gexp? + (let ((config (serializable-configuration-deprecated))) + (serialize-configuration + config serializable-configuration-deprecated-fields)))) + (define-configuration serializable-configuration - (port (number 80) "The port number." custom-number-serializer) + (port (number 80) "The port number." (serializer custom-number-serializer)) (no-serialization)) (test-assert "serialize-configuration with no-serialization" -- cgit v1.2.3 From 5c893787be78a79433fe1343f5b70cd647e8f667 Mon Sep 17 00:00:00 2001 From: Bruno Victal Date: Sun, 5 Mar 2023 15:19:13 +0000 Subject: home: xdg-base-directories: Set correct value for XDG_STATE_HOME. XDG Base Directory Specification 0.8 officially introduces the XDG_STATE_HOME environment variable. Fixes . * gnu/home/services/xdg.scm (home-xdg-base-directories-configuration)[state-home]: Set default value according to spec. Update field documentation. (home-xdg-base-directories-service-type): Update service description. Signed-off-by: Andrew Tropin --- gnu/home/services/xdg.scm | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'gnu/home/services') diff --git a/gnu/home/services/xdg.scm b/gnu/home/services/xdg.scm index 3007493f85..ac557b4c3d 100644 --- a/gnu/home/services/xdg.scm +++ b/gnu/home/services/xdg.scm 
@@ -104,11 +104,11 @@ (define-configuration home-xdg-base-directories-configuration Specification, but helps to make implementation of home services more consistent.") (state-home - (path "$HOME/.local/var/lib") - "Base directory for programs to store state files, like databases, -analogus to @file{/var/lib}, but for user. It is not a part of XDG -Base Directory Specification, but helps to make implementation of home -services more consistent.")) + (path "$HOME/.local/state") + "Base directory for programs to store state data that should persist +between (application) restarts, such as logs, but are not important or +portable enough to the user to warrant storing them in +@env{XDG_DATA_HOME}.")) (define (home-xdg-base-directories-environment-variables-service config) (map @@ -158,12 +158,12 @@ (define home-xdg-base-directories-service-type (compose identity) (extend last-extension-or-cfg) (description "Configure XDG base directories. This -service introduces two additional variables @env{XDG_STATE_HOME}, -@env{XDG_LOG_HOME}. They are not a part of XDG specification, at -least yet, but are convenient to have, it improves the consistency -between different home services. The services of this service-type is -instantiated by default, to provide non-default value, extend the -service-type (using @code{simple-service} for example)."))) +service introduces an additional @env{XDG_LOG_HOME} variable. It's not +a part of XDG specification, at least yet, but are convenient to have, +it improves the consistency between different home services. The +services of this service-type is instantiated by default, to provide +non-default value, extend the service-type (using @code{simple-service} +for example)."))) (define (generate-home-xdg-base-directories-documentation) (generate-documentation -- cgit v1.2.3 From 6420015e6d3300e7a73da9a8253428d8386954d6 Mon Sep 17 00:00:00 2001 
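Review bot: Changing the `state-home` default from `$HOME/.local/var/lib` to `$HOME/.local/state` in gnu/home/services/xdg.scm relocates `XDG_STATE_HOME` for every existing home that relied on the default, and nothing in this hunk migrates or mentions data already written under the old path. Programs that keep logs, history or other state there will presumably start from an empty directory after the next reconfiguration, while the old files stay behind unnoticed. A news entry, or one more sentence in the field documentation such as `Prior to this change the default was @file{$HOME/.local/var/lib}.`, would let users move or clean up the old directory deliberately. The enclosing `define-configuration` form starts outside the hunk.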
From: Ludovic Courtès Date: Sun, 2 Apr 2023 12:49:40 +0200 Subject: home: Add gpg-agent service. * gnu/home/services/gnupg.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (GNU Privacy Guard): New node. (Secure Shell): Link to it. --- doc/guix.texi | 93 +++++++++++++++++++++++++-- gnu/home/services/gnupg.scm | 150 ++++++++++++++++++++++++++++++++++++++++++++ gnu/local.mk | 1 + 3 files changed, 240 insertions(+), 4 deletions(-) create mode 100644 gnu/home/services/gnupg.scm (limited to 'gnu/home/services') diff --git a/doc/guix.texi b/doc/guix.texi index c0bd28fdae..ed42488882 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -41869,11 +41869,12 @@ services)}. * Power Management: Power Management Home Services. Services for battery power. * Shepherd: Shepherd Home Service. Managing User's Daemons. * SSH: Secure Shell. Setting up the secure shell client. +* GPG: GNU Privacy Guard. Setting up GPG and related tools. * Desktop: Desktop Home Services. Services for graphical environments. * Guix: Guix Home Services. Services for Guix. * Fonts: Fonts Home Services. Services for managing User's fonts. * Sound: Sound Home Services. Dealing with audio. -* Messaging: Messaging Home Services. Services for managing messaging. +* Messaging: Messaging Home Services. Services for managing messaging. * Media: Media Home Services. Services for managing media. @end menu @c In addition to that Home Services can provide 
@@ -42639,15 +42640,18 @@ The @uref{https://www.openssh.com, OpenSSH package} includes a daemon, the @command{ssh-agent} command, that manages keys to connect to remote machines using the @acronym{SSH, secure shell} protocol. With the @code{(gnu home services ssh-agent)} service, you can configure the -OpenSSH ssh-agent to run upon login. +OpenSSH ssh-agent to run upon login. @xref{GNU Privacy Guard, +@code{home-gpg-agent-service-type}}, for an alternative to OpenSSH's +@command{ssh-agent}. + Here is an example of a service and its configuration that you could add to the @code{services} field of your @code{home-environment}: @lisp (service home-ssh-agent-service-type - (home-ssh-agent-configuration - (extra-options '("-t" "1h30m")))) + (home-ssh-agent-configuration + (extra-options '("-t" "1h30m")))) @end lisp @defvar home-ssh-agent-service-type 
@@ -42672,6 +42676,87 @@ Extra options will be passed to @command{ssh-agent}, please run @end table @end deftp +@node GNU Privacy Guard +@subsection GNU Privacy Guard + +@cindex GNU Privacy Guard, Home service +@cindex GPG, Home service +The @code{(gnu home services gnupg)} modules provides services that help +you set up the GNU Privacy Guard, also known as GnuPG or GPG, in your +home environment. + +@cindex gpg-agent, Home service +@cindex SSH agent, with gpg-agent +The @code{gpg-agent} service configures and sets up GPG's agent, the +program that is responsible for managing OpenPGP private keys and, +optionally, OpenSSH (secure shell) private keys (@pxref{Invoking +GPG-AGENT,,, gnupg, Using the GNU Privacy Guard}). + +As an example, here is how you would configure @code{gpg-agent} with SSH +support such that it uses the Emacs-based Pinentry interface when +prompting for a passphrase: + +@lisp +(service home-gpg-agent-service-type + (home-gpg-agent-configuration + (pinentry-program + (file-append pinentry-emacs "/bin/pinentry-emacs")) + (ssh-support? #t))) +@end lisp + +The service reference is given below. + +@defvar home-gpg-agent-service-type +This is the service type for @command{gpg-agent} (@pxref{Invoking +GPG-AGENT,,, gnupg, Using the GNU Privacy Guard}). Its value must be a +@code{home-gpg-agent-configuration}, as shown below. +@end defvar + +@c %start of fragment + +@deftp {Data Type} home-gpg-agent-configuration +Available @code{home-gpg-agent-configuration} fields are: + +@table @asis +@item @code{gnupg} (default: @code{gnupg}) (type: file-like) +The GnuPG package to use. + +@item @code{pinentry-program} (type: file-like) +Pinentry program to use. Pinentry is a small user interface that +@command{gpg-agent} delegates to anytime it needs user input for a +passphrase or @acronym{PIN,personal identification number} +(@pxref{Top,,, pinentry,Using the PIN-Entry}). 
+ +@item @code{ssh-support?} (default: @code{#f}) (type: boolean) +Whether to enable @acronym{SSH,secure shell} support. When true, +@command{gpg-agent} acts as a drop-in replacement for OpenSSH's +@command{ssh-agent} program, taking care of OpenSSH secret keys and +directing passphrase requests to the chosen Pinentry program. + +@item @code{default-cache-ttl} (default: @code{600}) (type: integer) +Time a cache entry is valid, in seconds. + +@item @code{max-cache-ttl} (default: @code{7200}) (type: integer) +Maximum time a cache entry is valid, in seconds. After this time a +cache entry will be expired even if it has been accessed recently. + +@item @code{default-cache-ttl-ssh} (default: @code{1800}) (type: integer) +Time a cache entry for SSH keys is valid, in seconds. + +@item @code{max-cache-ttl-ssh} (default: @code{7200}) (type: integer) +Maximum time a cache entry for SSH keys is valid, in seconds. + +@item @code{extra-content} (default: @code{""}) (type: raw-configuration-string) +Raw content to add to the end of @file{~/.gnupg/gpg-agent.conf}. + +@end table + +@end deftp + + +@c %end of fragment + + @node Desktop Home Services @subsection Desktop Home Services diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm new file mode 100644 index 0000000000..7e9e02a3cc --- /dev/null +++ b/gnu/home/services/gnupg.scm 
@@ -0,0 +1,150 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2023 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu home services gnupg) + #:use-module (guix gexp) + #:use-module ((guix records) #:select (match-record)) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu home services) + #:use-module (gnu home services shepherd) + #:autoload (gnu packages gnupg) (gnupg pinentry) + #:export (home-gpg-agent-configuration + home-gpg-agent-configuration? + home-gpg-agent-configuration-gnupg + home-gpg-agent-configuration-pinentry-program + home-gpg-agent-configuration-ssh-support? + home-gpg-agent-configuration-default-cache-ttl + home-gpg-agent-configuration-max-cache-ttl + home-gpg-agent-configuration-max-cache-ttl-ssh + home-gpg-agent-configuration-extra-content + + home-gpg-agent-service-type)) + +(define raw-configuration-string? string?) + +;; Configuration of 'gpg-agent'. +(define-configuration/no-serialization home-gpg-agent-configuration + (gnupg + (file-like gnupg) + "The GnuPG package to use.") + (pinentry-program + (file-like (file-append pinentry "/bin/pinentry-curses")) + "Pinentry program to use. 
Pinentry is a small user interface that +@command{gpg-agent} delegates to anytime it needs user input for a passphrase +or @acronym{PIN, personal identification number} (@pxref{Top,,, pinentry, +Using the PIN-Entry}).") + (ssh-support? + (boolean #f) + "Whether to enable @acronym{SSH, secure shell} support. When true, +@command{gpg-agent} acts as a drop-in replacement for OpenSSH's +@command{ssh-agent} program, taking care of OpenSSH secret keys and directing +passphrase requests to the chosen Pinentry program.") + (default-cache-ttl + (integer 600) + "Time a cache entry is valid, in seconds.") + (max-cache-ttl + (integer 7200) + "Maximum time a cache entry is valid, in seconds. After this time a cache +entry will be expired even if it has been accessed recently.") + (default-cache-ttl-ssh + (integer 1800) + "Time a cache entry for SSH keys is valid, in seconds.") + (max-cache-ttl-ssh + (integer 7200) + "Maximum time a cache entry for SSH keys is valid, in seconds.") + (extra-content + (raw-configuration-string "") + "Raw content to add to the end of @file{~/.gnupg/gpg-agent.conf}.")) + +(define (home-gpg-agent-configuration-file config) + "Return the @file{gpg-agent.conf} file for @var{config}." + (match-record config + (pinentry-program default-cache-ttl max-cache-ttl + default-cache-ttl-ssh max-cache-ttl-ssh + extra-content) + (mixed-text-file "gpg-agent.conf" + "pinentry-program " pinentry-program "\n" + "default-cache-ttl " + (number->string default-cache-ttl) "\n" + "max-cache-ttl " + (number->string max-cache-ttl) "\n" + "default-cache-ttl-ssh " + (number->string default-cache-ttl-ssh) "\n" + "max-cache-ttl-ssh " + (number->string max-cache-ttl-ssh) "\n" + extra-content))) + +(define (home-gpg-agent-shepherd-services config) + "Return the possibly-empty list of Shepherd services for @var{config}." + (match-record config + (gnupg ssh-support?) 
+ ;; 'gpg-agent' is started on demand by GnuPG's programs, but it has to be + ;; started explicitly when OpenSSH support is enabled (info "(gnupg) Agent + ;; Options"). + (if ssh-support? + (let ((endpoint (lambda (name socket) + #~(endpoint + (make-socket-address + AF_UNIX + (string-append %user-runtime-dir + "/gnupg/" #$socket)) + #:name #$name + #:socket-directory-permissions #o700)))) + (list (shepherd-service + (provision '(gpg-agent ssh-agent)) + (modules '((shepherd support))) ;for '%user-runtime-dir' + (start #~(make-systemd-constructor + (list #$(file-append gnupg "/bin/gpg-agent") + "--supervised" "--enable-ssh-support") + (list #$(endpoint "ssh" "S.gpg-agent.ssh") + #$(endpoint "browser" "S.gpg-agent.browser") + #$(endpoint "extra" "S.gpg-agent.extra") + ;; #$(endpoint "scdaemon" "S.scdaemon") + #$(endpoint "std" "S.gpg-agent")))) + (stop #~(make-systemd-destructor)) + (documentation "Start 'gpg-agent', the GnuPG passphrase +agent, with support for handling OpenSSH material.")))) + '()))) + +(define (home-gpg-agent-files config) + `((".gnupg/gpg-agent.conf" ,(home-gpg-agent-configuration-file config)))) + +(define (home-gpg-agent-environment-variables config) + "Return GnuPG environment variables needed for @var{config}." + (if (home-gpg-agent-configuration-ssh-support? config) + `(("SSH_AUTH_SOCK" + . "$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh")) + '())) + +(define home-gpg-agent-service-type + (service-type + (name 'home-gpg-agent) + (extensions + (list (service-extension home-files-service-type + home-gpg-agent-files) + (service-extension home-shepherd-service-type + home-gpg-agent-shepherd-services) + (service-extension home-environment-variables-service-type + home-gpg-agent-environment-variables))) + (default-value (home-gpg-agent-configuration)) + (description + "Configure GnuPG's agent, @command{gpg-agent}, which is responsible for +managing OpenPGP and optionally SSH private keys. 
When SSH support is +enabled, @command{gpg-agent} acts as a drop-in replacement for OpenSSH's +@command{ssh-agent}."))) diff --git a/gnu/local.mk b/gnu/local.mk index b7e19b6bc2..f0a228f19f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -91,6 +91,7 @@ GNU_SYSTEM_MODULES = \ %D%/home/services/desktop.scm \ %D%/home/services/symlink-manager.scm \ %D%/home/services/fontutils.scm \ + %D%/home/services/gnupg.scm \ %D%/home/services/guix.scm \ %D%/home/services/media.scm \ %D%/home/services/messaging.scm \ -- cgit v1.2.3
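Review bot: In the new gnu/home/services/gnupg.scm, the `#:export` list names `home-gpg-agent-configuration-max-cache-ttl-ssh` but not the accessor for the `default-cache-ttl-ssh` field that the record also declares, so that one getter cannot be used from other modules; add `home-gpg-agent-configuration-default-cache-ttl-ssh` next to it. Separately, `home-gpg-agent-files` only lists `.gnupg/gpg-agent.conf` and nothing in the hunk sets the mode of `~/.gnupg`. If the files service ends up creating that directory, it would presumably get umask-default permissions rather than 0700, which GnuPG reports as unsafe, so this is worth confirming on a fresh home. It is also worth checking that `SSH_AUTH_SOCK`, built from `$XDG_RUNTIME_DIR`, always names the same path as the socket the Shepherd endpoint creates under `%user-runtime-dir`, since a session without `XDG_RUNTIME_DIR` set could make the two diverge.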