diff options
| author | Lilah Tascheter <lilah@lunabee.space> | 2025-11-03 17:17:26 -0600 |
|---|---|---|
| committer | jgart <jgart@dismail.de> | 2025-12-02 12:49:38 -0600 |
| commit | 26cb836c4ec695aa1282b077fde99d280f3817e0 (patch) | |
| tree | 8b02ff7326013b8aad0cb1d0f25e463c6dec8a77 /gnu/home | |
| parent | b545538abe6e86c2573d4b8ae100c6dad3c5e068 (diff) | |
gnu: home: Add himitsu-ssh service.
* gnu/home/services/secrets.scm
(remember-option?,list-of-remember-options?): New types.
(himitsu-serialize-list-of-remember-options): New serializer.
(home-himitsu-ssh-configuration): New configuration.
(himitsu-ssh-shepherd-service,himitsu-ssh-himitsu.ini,
himitsu-ssh-environment-variables): New procedures.
(home-himitsu-ssh-service-type): New service.
Change-Id: I051a97aec2396dd899078c594c9d0b989a0aa6f1
Signed-off-by: jgart <jgart@dismail.de>
Diffstat (limited to 'gnu/home')
| -rw-r--r-- | gnu/home/services/secrets.scm | 66 |
1 files changed, 65 insertions, 1 deletions
diff --git a/gnu/home/services/secrets.scm b/gnu/home/services/secrets.scm index 686876fa91a..451a9a9816b 100644 --- a/gnu/home/services/secrets.scm +++ b/gnu/home/services/secrets.scm @@ -27,7 +27,10 @@ #:use-module (srfi srfi-1) #:export (wrap-himitsu-prompter home-himitsu-configuration - home-himitsu-service-type)) + home-himitsu-service-type + + home-himitsu-ssh-configuration + home-himitsu-ssh-service-type)) ;; ;; himitsu @@ -123,3 +126,64 @@ running 'himitsu-store -i' first?"))))) (default-value (home-himitsu-configuration)) (description "Run the Himitsu secret storage manager upon login. You should create the Himitsu database in advance."))) + +;; +;; himitsu-ssh +;; + +(define (remember-option? opt) + (or (number? opt) (memq opt '(session skip refuse)))) + +(define list-of-remember-options? (list-of remember-option?)) + +(define (himitsu-serialize-list-of-remember-options label val) + (himitsu-serialize-string label + (string-join (map (lambda (x) (cond ((number? x) (number->string x)) + ((symbol? x) (symbol->string x)))) + val) + ","))) + +(define-configuration home-himitsu-ssh-configuration + (package (file-like himitsu-ssh) "himitsu-ssh package to use." + empty-serializer) + (persist (list-of-remember-options '(session 300 refuse)) "List of options +given when prompting to allow himitsu-ssh to see your keys. The option chosen +decides how long himitsu-ssh has this access. Options can be either 'session, +'refuse, 'skip, or a timeout in seconds. 'session means until the daemon +closes, 'refuse to decline and never ask again, and 'skip means to ask again +next use.") + (disclose (list-of-remember-options '(skip session 300)) "List of options +given when prompting to allow himitsu-ssh use of your keys. The format is the +same has persist.") + (prefix himitsu-)) + +(define (himitsu-ssh-shepherd-service config) + (let* ((package (home-himitsu-ssh-configuration-package config)) + (binary (file-append package "/bin/hissh-agent"))) + (list (shepherd-service + (documentation "Start the Himitsu ssh-agent implementation.") + (provision '(himitsu-ssh ssh-agent)) + (requirement '(himitsud)) + (start #~(make-forkexec-constructor (list #$binary))) + (stop #~(make-kill-destructor)))))) + +(define (himitsu-ssh-himitsu.ini config) + (list "[ssh.remember]" + (serialize-configuration config home-himitsu-ssh-configuration-fields))) + +(define (himitsu-ssh-environment-variables _) + '(("SSH_AUTH_SOCK" . "${XDG_RUNTIME_DIR:-/run/user/$UID}/hissh-agent"))) + +(define home-himitsu-ssh-service-type + (service-type + (name 'himitsu-ssh) + (extensions (list (service-extension home-shepherd-service-type + himitsu-ssh-shepherd-service) + (service-extension home-himitsu-service-type + himitsu-ssh-himitsu.ini) + (service-extension home-environment-variables-service-type + himitsu-ssh-environment-variables) + (service-extension home-profile-service-type + (const (list himitsu-ssh))))) + (default-value (home-himitsu-ssh-configuration)) + (description "Add support for ssh to store keys in Himitsu."))) |