Switch to gnome-keyring for libsecret

email password and git credential helper now use gnome-keyring/secret-service
2023-09-30 09:27:43 +01:00 · 2023-09-30 09:27:43 +01:00 · 6b7b76e7bc
parent b38ffe853d
commit 6b7b76e7bc
5 changed files with 14 additions and 10 deletions
--- a/flake.nix
+++ b/flake.nix
@ -154,7 +154,7 @@
              nameservers = [ "9.9.9.9" ];
            };
            environment = {
-              systemPackages = with pkgs; [ git neofetch ];
+              systemPackages = with pkgs; [ libsecret git neofetch nitch ];
              localBinInPath = true;
              shellAliases.nou =
                ''sudo nixos-rebuild switch --flake "${flakeURL}" --refresh'';
--- a/home/accounts/email.nix
+++ b/home/accounts/email.nix
@ -34,8 +34,9 @@
        };
        address = "e.litherlandsmith@proton.me";
        aliases = [ "evie@xenia.me.uk" "evie@litherlandsmith.slmail.me" ];
        passwordCommand = "${pkgs.pass}/bin/pass show Mail/Proton/${hostName}";
        userName = address;
        passwordCommand =
          "${pkgs.libsecret}/bin/secret-tool lookup email ${userName}";
        imapnotify = {
          enable = true;
          boxes = [ "INBOX" ];
@ -43,6 +44,7 @@
          onNotifyPost =
            "${pkgs.libnotify}/bin/notify-send 'Proton: New mail arrived'";
          extraConfig = {
            wait = 30;
            tls = false;
            tlsOptions.rejectUnauthorized = false;
          };
@ -72,14 +74,16 @@
        imap.host = "imap.mail.me.com";
        smtp.host = "smtp.mail.me.com";
        address = "e.litherlandsmith@icloud.com";
        passwordCommand = "${pkgs.pass}/bin/pass show Mail/iCloud/mbsync";
        userName = address;
        passwordCommand =
          "${pkgs.libsecret}/bin/secret-tool lookup email ${userName}";
        imapnotify = {
          enable = true;
          boxes = [ "INBOX" ];
          onNotify = "${pkgs.isync}/bin/mbsync --pull icloud:INBOX";
          onNotifyPost =
            "${pkgs.libnotify}/bin/notify-send 'Proton: New mail arrived'";
          extraConfig.wait = 30;
        };
        mbsync = {
          enable = true;
@ -109,14 +113,16 @@
        };
        address = "evie.litherland-smith@ukaea.uk";
        aliases = [ "elitherl@jet.uk" ];
        passwordCommand = "${pkgs.pass}/bin/pass show Mail/Outlook/ukaea";
        userName = address;
        passwordCommand =
          "${pkgs.libsecret}/bin/secret-tool lookup email ${userName}";
        imapnotify = {
          boxes = [ "INBOX" ];
          onNotify = "${pkgs.isync}/bin/mbsync --pull ukaea:INBOX";
          onNotifyPost =
            "${pkgs.libnotify}/bin/notify-send 'Proton: New mail arrived'";
          extraConfig = {
            wait = 30;
            tls = false;
            tlsOptions.rejectUnauthorized = false;
          };
--- a/home/git.nix
+++ b/home/git.nix
@ -19,6 +19,7 @@
      extraConfig = {
        pull.rebase = false;
        init.defaultBranch = "main";
        credential.helper = "${pkgs.gitFull}/bin/git-credential-libsecret";
      };
    };
    gitui = {
--- a/home/pass.nix
+++ b/home/pass.nix
@ -11,8 +11,6 @@
      settings.PASSWORD_STORE_DIR = with config.home;
        "${homeDirectory}/.password-store";
    };
    git.extraConfig.credential.helper =
      "${pkgs.gitFull}/bin/git-credential-libsecret";
  };
  services = {
    gpg-agent = rec {
--- a/system/desktop.nix
+++ b/system/desktop.nix
@ -18,10 +18,7 @@
    ];
  security = {
    rtkit.enable = true;
-    pam.services = {
+    pam.services.gtklock.enableGnomeKeyring = true;
      sddm.gnupg.enable = true;
      gtklock = { };
    };
  };
  sound.enable = true;
  hardware = {
@ -29,6 +26,7 @@
    bluetooth.enable = true;
  };
  services = {
    gnome.gnome-keyring.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
@ -50,6 +48,7 @@
  console.keyMap = "uk";
  programs = {
    ssh.startAgent = true;
    seahorse.enable = true;
    dconf.enable = true;
    light.enable = true;
    noisetorch.enable = true;