From 66d8af6d091af58aa2cc7bdc4e85c3545f8d3ae2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?=
Date: Sat, 21 Nov 2009 22:14:01 +0000
Subject: [PATCH] X: Add support for starting the GnuPG agent.

svn path=/nixos/trunk/; revision=18509
---
 .../services/x11/display-managers/default.nix | 11 ++++++++
 modules/services/x11/xserver.nix | 28 +++++++++++++++----
 2 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/modules/services/x11/display-managers/default.nix b/modules/services/x11/display-managers/default.nix
index f62c38bf7110..7cc270cf247b 100644
--- a/modules/services/x11/display-managers/default.nix
+++ b/modules/services/x11/display-managers/default.nix
@@ -43,6 +43,17 @@ let
 fi
 ''}
+ ${optionalString cfg.startGnuPGAgent ''
+ if test -z "$SSH_AUTH_SOCK"; then
+ # Restart this script as a child of the GnuPG agent.
+ exec "${pkgs.gnupg2}/bin/gpg-agent" \
+ --enable-ssh-support --daemon \
+ --pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2" \
+ --write-env-file "$HOME/.gpg-agent-info" \
+ "$0" "$sessionType"
+ fi
+ ''}
+
 # Start a ConsoleKit session so that we get ownership of various
 # devices.
 if test -z "$XDG_SESSION_COOKIE"; then
diff --git a/modules/services/x11/xserver.nix b/modules/services/x11/xserver.nix
index e14c9762bd02..ee6f7c50f122 100644
--- a/modules/services/x11/xserver.nix
+++ b/modules/services/x11/xserver.nix
@@ -208,6 +208,16 @@ in
 '';
 };
+ startGnuPGAgent = mkOption {
+ default = true;
+ description = ''
+ Whether to start the GnuPG agent when you log in. The GnuPG agent
+ remembers private keys for you so that you don't have to type in
+ passphrases every time you make an SSH connection or sign/encrypt
+ data. Use ssh-add to add a key to the agent.
+ '';
+ };
+
 layout = mkOption {
 default = "us";
 description = ''
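Review bot: In the display-managers/default.nix hunk the re-exec guard tests `$SSH_AUTH_SOCK`, so a session that inherits that variable from anywhere else skips gpg-agent without any message, and SSH keys are then served by whatever agent set it rather than by the pinentry-backed agent the option promises. Keying the guard on the variable gpg-agent exports to its child would be more direct, e.g. `if test -z "$GPG_AGENT_INFO"; then` (assuming the packaged gnupg2 sets it when `--daemon` is given a command). Because the agent is started with `exec`, a gpg-agent that fails to start also ends the session script with no fallback; a comment above the `exec` should say so. The session script itself starts and ends outside this hunk.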
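Review bot: `default = true;` for `startGnuPGAgent` in the first xserver.nix hunk turns on a passphrase-caching agent for every X login, and together with the mutual-exclusion assertion added in the second xserver.nix hunk it makes evaluation fail whenever `startSSHAgent` is also true. The default of `startSSHAgent` is not visible in this patch; if it is true, the out-of-the-box configuration trips the assertion. I would make the option opt-in with `default = false;` and add to the description that the agent also takes over the SSH agent role and cannot be combined with `startSSHAgent`.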
@@ -322,13 +332,21 @@ in
 ###### implementation
-
+
 config = mkIf cfg.enable {
- assertions = singleton
- { assertion = config.services.hal.enable == true;
- message = "The X server needs HAL running. Set services.hal.enable to true";
- };
+ assertions =
+ [ { assertion = config.services.hal.enable == true;
+ message = "The X server needs HAL running. Set services.hal.enable to true";
+ }
+
+ { assertion = (cfg.startSSHAgent -> !cfg.startGnuPGAgent)
+ && (cfg.startGnuPGAgent -> !cfg.startSSHAgent);
+ message =
+ "The OpenSSH SSH agent and GnuPG agent cannot be started "
+ + "both. Choose between `startSSHAgent' and `startGnuPGAgent'.";
+ }
+ ];
 boot.extraModulePackages =
 optional (elem "nvidia" driverNames) kernelPackages.nvidia_x11 ++
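Review bot: The two conjuncts of the new assertion are contrapositives of each other, so `(cfg.startSSHAgent -> !cfg.startGnuPGAgent)` alone already expresses the constraint and the second line adds nothing. `assertion = !(cfg.startSSHAgent && cfg.startGnuPGAgent);` states the intent directly and is easier to audit. The message would also read better as `cannot both be started`. The `config` block continues past the end of this hunk.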