From 17fdce75eceda5e16074ea56e1bdfd5535e90d4d Mon Sep 17 00:00:00 2001 From: Giacomo Leidi Date: Sun, 1 Jun 2025 12:34:24 +0200 Subject: [PATCH] gnu: Add home-gcr-ssh-agent-service-type. GNOME Keyring used to be able to act as a wrapper over ssh-agent. It would display a GUI password entry dialog, including a checkbox to remember the password, which, if selected, would allow fully passwordless use of that key. The SSH functionality is disabled by default in gnome-keyring-daemon builds since version 1.46 (commit 25c5a1982467802fa12c6852b03c57924553ba73). It has been moved (https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67) into gcr-ssh-agent, which is part of the gcr package. * gnu/home/services/gnome.scm: New file. (gcr-ssh-agent-log-file,gcr-ssh-agent-shepherd-services): New public procedures. (gcr-ssh-agent-configuration): New configuration record. (home-gcr-ssh-agent-service-type): New service type. * gnu/local.mk: Add it. * doc/guix.texi: Document it. Change-Id: Idd3e40f544d40bb4c6682255f877cb79f0c70850 Signed-off-by: Maxim Cournoyer Reviewed-by: Dariqq Reviewed-by: Liliana Marie Prikler Modified-by: Maxim Cournoyer
---
 doc/guix.texi | 44 +++++++++++++++
 gnu/home/services/gnome.scm | 104 ++++++++++++++++++++++++++++++++++++
 gnu/local.mk | 1 +
 3 files changed, 149 insertions(+)
 create mode 100644 gnu/home/services/gnome.scm
diff --git a/doc/guix.texi b/doc/guix.texi
index 67156cbfa4f..a83219a9fd0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -51897,6 +51897,50 @@ API.
 @end table
 @end deftp
+@defvar home-gcr-ssh-agent-service-type
+
+GNOME Keyring used to be able to act as a wrapper over
+@command{ssh-agent}. It would display a graphical password entry
+dialog, including a checkbox to remember the password, which, if
+selected, would allow fully passwordless use of that key.
+
+The SSH functionality is disabled by default in
+@command{gnome-keyring-daemon} builds since version
+@uref{https://gitlab.gnome.org/GNOME/gnome-keyring/-/commit25c5a1982467802fa12c6852b03c57924553ba73,
+1.46}. It has been
+@uref{https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67, moved}
+into @command{gcr-ssh-agent}, which is part of the @code{gcr} package.
+
+To enable the SSH agent functionality it is sufficient to add the
+following to your Home configuration.
+
+@lisp
+(use-modules (gnu home services gnome) ;for 'home-gcr-ssh-agent-service-type'
+ @dots{})
+
+(home-environment
+ (services
+ (list
+ @dots{}
+ (service home-gcr-ssh-agent-service-type))))
+@end lisp
+@end defvar
+
+@deftp {Data Type} gcr-ssh-agent-configuration
+The configuration record for @code{home-gcr-ssh-agent-service-type}. Its
+available fields are:
+
+@table @asis
+@item @code{package} (default: @code{gcr}) (type: package)
+The @code{gcr} package to use.
+
+@item @code{log-file} (type: maybe-string)
+Where the service will write its logs. If unset, it defaults to
+@file{$HOME/.local/state/shepherd/gcr-ssh-agent.log}.
+
+@end table
+@end deftp
+
 @node Guix Home Services
 @subsection Guix Home Services
diff --git a/gnu/home/services/gnome.scm b/gnu/home/services/gnome.scm
new file mode 100644
index 00000000000..a6c75ab3e2d
--- /dev/null
+++ b/gnu/home/services/gnome.scm
@@ -0,0 +1,104 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2025 Giacomo Leidi
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see .
+
+
+(define-module (gnu home services gnome)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu system accounts)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu home services)
+ #:use-module (gnu home services shepherd)
+ #:export (gcr-ssh-agent-configuration
+ gcr-ssh-agent-configuration?
+ gcr-ssh-agent-configuration-fields
+ gcr-ssh-agent-configuration-package
+ gcr-ssh-agent-configuration-log-file
+
+ home-gcr-ssh-agent-log-file
+ home-gcr-ssh-agent-shepherd-service
+
+ home-gcr-ssh-agent-service-type))
+
+(define-maybe/no-serialization string)
+
+(define-configuration/no-serialization gcr-ssh-agent-configuration
+ (package
+ (package gcr)
+ "The @code{gcr} package to use.")
+ (log-file
+ (maybe-string)
+ "Where the service will write its logs. If unset, it defaults to
+@file{$HOME/.local/state/shepherd/gcr-ssh-agent.log}."))
+
+(define (home-gcr-ssh-agent-log-file config)
+ (define maybe-log-file (gcr-ssh-agent-configuration-log-file config))
+ (if (maybe-value-set? maybe-log-file)
+ maybe-log-file
+ #~(string-append %user-log-dir "/gcr-ssh-agent.log")))
+
+(define (home-gcr-ssh-agent-shepherd-service config)
+ (let ((package
+ (gcr-ssh-agent-configuration-package config))
+ (log-file (home-gcr-ssh-agent-log-file config)))
+ (list
+ (shepherd-service
+ (provision '(gcr-ssh-agent ssh-agent))
+ (modules
+ ;;for '%user-log-dir' and '%user-runtime-dir'
+ '((shepherd support)))
+ (start
+ #~(let* ((socket-directory
+ (string-append %user-runtime-dir
+ "/gcr"))
+ (socket-endpoint
+ (endpoint
+ (make-socket-address
+ AF_UNIX
+ (string-append socket-directory "/ssh"))
+ #:name "ssh"
+ #:socket-directory-permissions #o700)))
+ (make-systemd-constructor
+ (list #$(file-append package
+ "/libexec/gcr-ssh-agent")
+ "-d" socket-directory)
+ (list socket-endpoint)
+ ;; With #:lazy-start #t the first ssh connection
+ ;; hangs indefinitely.
+ #:lazy-start? #f
+ #:log-file #$log-file)))
+ (stop #~(make-systemd-destructor))))))
+
+(define (home-gcr-ssh-agent-environment-variables config)
+ `(("SSH_AUTH_SOCK" . "${XDG_RUNTIME_DIR}/gcr/ssh")))
+
+(define home-gcr-ssh-agent-service-type
+ (service-type
+ (name 'home-gcr-ssh-agent)
+ (extensions
+ (list (service-extension
+ home-shepherd-service-type
+ home-gcr-ssh-agent-shepherd-service)
+ (service-extension home-environment-variables-service-type
+ home-gcr-ssh-agent-environment-variables)))
+ (default-value (gcr-ssh-agent-configuration))
+ (description
+ "Provides @code{gcr-ssh-agent} Shepherd service and installs
+@code{gcr} in the system profile.")))
diff --git a/gnu/local.mk b/gnu/local.mk
index 4c26080e2d3..1d7d06c6442 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -112,6 +112,7 @@ GNU_SYSTEM_MODULES = \
 %D%/home/services/dotfiles.scm \
 %D%/home/services/symlink-manager.scm \
 %D%/home/services/fontutils.scm \
+ %D%/home/services/gnome.scm \
 %D%/home/services/gnupg.scm \
 %D%/home/services/guix.scm \
 %D%/home/services/mail.scm \
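Review bot: `home-gcr-ssh-agent-environment-variables` hard-codes `SSH_AUTH_SOCK` as `${XDG_RUNTIME_DIR}/gcr/ssh`, while the `start` gexp of the Shepherd service builds the socket path from `%user-runtime-dir`, so the two locations are computed independently and nothing in the file states that they must agree. If `XDG_RUNTIME_DIR` is unset in the login shell the variable expands to `/gcr/ssh`, a path this service does not create and that is not under the `#o700` socket directory, and SSH clients would then talk to whatever listens there. The assignment also replaces any `SSH_AUTH_SOCK` that is already set, for example an agent forwarded into an SSH login, which deserves a sentence in the manual entry. I would add a comment above the alist, `;; Must resolve to the socket created by the Shepherd service (%user-runtime-dir + "/gcr/ssh"); requires XDG_RUNTIME_DIR to be set.`, and correct the `description`, which says the service installs `gcr` in the system profile although `extensions` lists only the Shepherd and environment-variable extensions.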