update secrets module

modules/secrets.nix

@@ -45,6 +45,20 @@ let
     };
   };
 
+  activate-secrets = pkgs.writeShellScriptBin "activate-secrets" ''
+    set -euo pipefail
+    export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+    if [ -d "${password-store}/.git" ]; then
+      cd "${password-store}"; ${pkgs.git}/bin/git pull
+    else
+      ${pkgs.git}/bin/git clone ${
+        lib.escapeShellArg config.secretsConfig.repo
+      } "${password-store}"
+    fi
+    cat ${password-store}/spotify.gpg | ${pkgs.gnupg}/bin/gpg --decrypt > /dev/null
+    sudo systemctl restart ${allServices}
+  '';
+
   decrypt = name: cfg:
     with cfg; {
       "${name}-secrets" = rec {
@@ -95,23 +109,6 @@ let
     (builtins.attrNames config.secrets-envsubst)
     ++ map (name: "${name}-secrets.service")
     (builtins.attrNames config.secrets));
-
-  activate-secrets = pkgs.writeShellScriptBin "activate-secrets" ''
-    set -euo pipefail
-    # Make sure card is available and unlocked
-    # echo fetch | gpg --card-edit --no-tty --command-fd=0
-    # ${pkgs.gnupg}/bin/gpg --card-status
-    if [ -d "${password-store}/.git" ]; then
-      cd "${password-store}"; ${pkgs.git}/bin/git pull
-    else
-      ${pkgs.git}/bin/git clone ${lib.escapeShellArg config.secretsConfig.repo} "${password-store}"
-    fi
-    ln -sf ${
-      pkgs.writeShellScript "push" "${pkgs.git}/bin/git push origin master"
-    } "${password-store}/.git/hooks/post-commit"
-    cat ${password-store}/spotify.gpg | ${pkgs.gnupg}/bin/gpg --decrypt > /dev/null
-    sudo systemctl restart ${allServices}
-  '';
 in {
   options.secrets = lib.mkOption {
     type = attrsOf (submodule secret);
@@ -121,15 +118,13 @@ in {
   options.secretsConfig = {
     repo = lib.mkOption {
       type = str;
-      default = "ssh://git@github.com/AlukardBF/pass";
+      default = "ssh://gitea@gitea.ataraxiadev.com:AtaraxiaDev/pass.git";
     };
   };
 
   config.systemd.services =
     mkMerge (concatLists (mapAttrsToList mkServices config.secrets));
 
-  config.environment.systemPackages = [ activate-secrets ];
-
   config.security.sudo.extraRules = [{
     users = [ "alukard" ];
     commands = [{
@@ -139,8 +134,38 @@ in {
   }];
 
   config.home-manager.users.alukard = {
-    xsession.windowManager.i3 = {
+    systemd.user.services.activate-secrets = {
-      config.startup = [{ command = "activate-secrets"; }];
+      Service = {
+        ExecStart = "${activate-secrets}/bin/activate-secrets";
+        Type = "oneshot";
+      };
+      Unit = {
+        PartOf = [ "graphical-session-pre.target" ];
+      };
+      Install.WantedBy = [ "graphical-session-pre.target" ];
+    };
+    systemd.user.services.pass-store-sync = {
+      Service = {
+        Environment = [
+          "PASSWORD_STORE_DIR=${password-store}"
+          "PATH=${lib.makeBinPath [ pkgs.pass pkgs.inotify-tools pkgs.gnupg ]}"
+        ];
+        ExecStart = toString (pkgs.writeShellScript "pass-store-sync" ''
+          export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
+          while inotifywait "$PASSWORD_STORE_DIR" -r -e move -e close_write -e create -e delete --exclude .git; do
+            sleep 0.1
+            pass git add --all
+            pass git commit -m "$(date +%F)_$(date+%T)"
+            pass git pull --rebase
+            pass git push
+          done
+        '');
+      };
+      Unit = rec {
+        After = [ "activate-secrets.service" ];
+        Wants = After;
+      };
+      Install.WantedBy = [ "graphical-session-pre.target" ];
     };
     programs.password-store = {
       enable = true;
@@ -148,4 +173,4 @@ in {
       settings.PASSWORD_STORE_DIR = password-store;
     };
   };
-}
+}

profiles/overlay.nix

@@ -1,6 +1,6 @@
 { pkgs, config, lib, inputs, ... }:
 let
-  system = "x86_64-linux";
+  inherit (pkgs) system;
   stable = import inputs.nixpkgs-stable ({
     config = config.nixpkgs.config;
     localSystem = { inherit system; };
@@ -12,7 +12,6 @@ let
 in
 with lib; {
   nixpkgs.overlays = [
-    inputs.android-nixpkgs.overlay
     inputs.nixpkgs-wayland.overlay
     (self: super:
       rec {
@@ -33,6 +32,7 @@ with lib; {
         youtube-to-mpv = pkgs.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
         vivaldi = master.vivaldi;
         wine = super.wineWowPackages.staging;
+        pass-secret-service = super.pass-secret-service.overrideAttrs (_: { installCheckPhase = null; });
         qbittorrent = super.qbittorrent.overrideAttrs (old: rec {
           version = "enchanced-edition";
           src = inputs.qbittorrent-ee;

profiles/workspace/misc.nix

@@ -11,6 +11,22 @@
     news.display = "silent";
     systemd.user.startServices = true;
     home.stateVersion = "21.11";
+
+    #TODO: Move to another file
+    services.pass-secret-service.enable = true;
+    systemd.user.services.pass-secret-service = {
+      Service = {
+        ExecStart = lib.mkForce
+          "${pkgs.pass-secret-service}/bin/pass_secret_service --path ${config.environment.variables.PASSWORD_STORE_DIR}";
+        Type = "dbus";
+        BusName = "org.freedesktop.secrets";
+      };
+      Unit = rec {
+        Wants = [ "gpg-agent.service" "activate-secrets.service" ];
+        After = Wants;
+        PartOf = [ "graphical-session-pre.target" ];
+      };
+    };
   };
 
   system.stateVersion = "21.11";