nixos-config/modules/home/security/password-store.nix


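{
  config,
  lib,
  pkgs,
  ...
}:
# Home-manager module for pass (password-store) with the pass-otp extension.
# Declares the ataraxia.security.password-store options, validates the
# autoSync-related ones, and wires programs.password-store plus persistence.
let
  inherit (lib)
    mkEnableOption
    mkIf
    mkOption
    ;
  inherit (lib.types) nullOr path str;
  cfg = config.ataraxia.security.password-store;
in
{
  options.ataraxia.security.password-store = {
    # mkEnableOption prepends "Whether to enable " itself, so only the subject
    # is given here (the original text doubled that prefix in the rendered docs).
    enable = mkEnableOption "password store";
    autoSync = mkEnableOption "automatic sync of password store";
    store = mkOption {
      type = path;
      default = "${config.xdg.dataHome}/password-store";
      description = "Directory holding the encrypted password store (exported as PASSWORD_STORE_DIR).";
    };
    gnupgHome = mkOption {
      type = path;
      # Follow the gpg module's homedir when it is enabled, otherwise fall back
      # to the XDG data location.
      default =
        if config.programs.gpg.enable then config.programs.gpg.homedir else "${config.xdg.dataHome}/gnupg";
      description = "GnuPG home directory used for the password store.";
      # NOTE(review): declared but not consumed anywhere in this module.
    };
    repo = mkOption {
      default = null;
      description = "Git repository to sync with";
      type = nullOr str;
    };
    sshKey = mkOption {
      default = null;
      description = "Ssh key to use for private repository";
      type = nullOr str;
      # NOTE(review): not consumed yet (see the TODO below). When sync is
      # implemented this should hold a path to the key file, never the key
      # material itself, since option values are evaluated into the
      # world-readable Nix store.
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = !(cfg.autoSync && cfg.repo == null);
        message = "If autoSync enabled, you must set repo to sync";
      }
      {
        # Was `cfg.sskKey`: referencing a non-existent attribute made evaluation
        # fail whenever autoSync was enabled, instead of emitting this message.
        assertion = !(cfg.autoSync && cfg.sshKey == null);
        message = "If autoSync enabled, you must set sshKey for connection to repo";
      }
    ];

    # TODO: autosync with git
    programs.password-store = {
      enable = true;
      # pass-wayland is the Wayland-aware build of pass; the original picked it
      # for the non-Wayland branch and plain pass for Wayland, which looked
      # inverted, so the branches are swapped here.
      package =
        if config.ataraxia.wayland.enable then
          pkgs.pass-wayland.withExtensions (exts: [ exts.pass-otp ])
        else
          pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
      settings.PASSWORD_STORE_DIR = cfg.store;
    };

    # Project-specific persistence option (presumably an impermanence-style
    # state list — confirm); keeps the store directory across reboots.
    persist.state.directories = [ cfg.store ];
  };
}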