services.xserver.startGnuPGAgent: remove obsolete NixOS option

GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
longer requires (or even supports) the "start everything as a child of the
agent" scheme we've implemented in NixOS for older versions.

To configure the gpg-agent for your X session, add the following code to
~/.xsession or some other appropriate place that's sourced at start-up:

    gpg-connect-agent /bye
    GPG_TTY=$(tty)
    export GPG_TTY

If you want to use gpg-agent for SSH, too, also add the settings

    unset SSH_AGENT_PID
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

and make sure that

    enable-ssh-support

is included in your ~/.gnupg/gpg-agent.conf.

The gpg-agent(1) man page has more details about this subject, i.e. in the
"EXAMPLES" section.

nixos/modules/config/gnu.nix

@@ -37,7 +37,6 @@ with lib;
     services.openssh.enable = false;
     services.lshd.enable = true;
     programs.ssh.startAgent = false;
-    services.xserver.startGnuPGAgent = true;
 
     # TODO: GNU dico.
     # TODO: GNU Inetutils' inetd.

nixos/modules/rename.nix

@@ -111,6 +111,7 @@ with lib;
     (mkRemovedOptionModule [ "services" "openvpn" "enable" ])
     (mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
     (mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
+    (mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
 
   ];
 }

nixos/modules/services/x11/display-managers/default.nix

@@ -49,17 +49,6 @@ let
         fi
       ''}
 
-      ${optionalString cfg.startGnuPGAgent ''
-        if test -z "$SSH_AUTH_SOCK"; then
-            # Restart this script as a child of the GnuPG agent.
-            exec "${pkgs.gnupg}/bin/gpg-agent"                         \
-              --enable-ssh-support --daemon                             \
-              --pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2"  \
-              --write-env-file "$HOME/.gpg-agent-info"                  \
-              "$0" "$sessionType"
-        fi
-      ''}
-
       # Handle being called by kdm.
       if test "''${1:0:1}" = /; then eval exec "$1"; fi
 

nixos/modules/services/x11/xserver.nix

@@ -219,17 +219,6 @@ in
         '';
       };
 
-      startGnuPGAgent = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to start the GnuPG agent when you log in.  The GnuPG agent
-          remembers private keys for you so that you don't have to type in
-          passphrases every time you make an SSH connection or sign/encrypt
-          data.  Use <command>ssh-add</command> to add a key to the agent.
-        '';
-      };
-
       startDbusSession = mkOption {
         type = types.bool;
         default = true;
@@ -444,14 +433,7 @@ in
       in optional (driver != null) ({ inherit name; driverName = name; } // driver));
 
     assertions =
-      [ { assertion = !(config.programs.ssh.startAgent && cfg.startGnuPGAgent);
+      [ { assertion = config.security.polkit.enable;
-          message =
-            ''
-              The OpenSSH agent and GnuPG agent cannot be started both. Please
-              choose between ‘programs.ssh.startAgent’ and ‘services.xserver.startGnuPGAgent’.
-            '';
-        }
-        { assertion = config.security.polkit.enable;
           message = "X11 requires Polkit to be enabled (‘security.polkit.enable = true’).";
         }
       ];