From 9d09738e4dd4b4a80f3a26e0e0fe14a06dd53ddc Mon Sep 17 00:00:00 2001
From: pacien
Date: Sun, 14 Jul 2019 21:09:53 +0200
Subject: [PATCH] password-store: add modules
---
 modules/misc/news.nix | 15 +++++
 modules/modules.nix | 2 +
 modules/programs/password-store.nix | 64 ++++++++++++++++++
 modules/services/password-store-sync.nix | 83 ++++++++++++++++++++++++
 4 files changed, 164 insertions(+)
 create mode 100644 modules/programs/password-store.nix
 create mode 100644 modules/services/password-store-sync.nix
diff --git a/modules/misc/news.nix b/modules/misc/news.nix
index a60e1eb3..a6a3d3eb 100644
--- a/modules/misc/news.nix
+++ b/modules/misc/news.nix
@@ -1245,6 +1245,21 @@ in
 A new module is available: 'services.spotifyd'.
 '';
 }
+
+ {
+ time = "2019-11-29T21:18:48+00:00";
+ message = ''
+ A new module is available: 'programs.password-store'.
+ '';
+ }
+
+ {
+ time = "2019-11-29T21:18:48+00:00";
+ condition = hostPlatform.isLinux;
+ message = ''
+ A new module is available: 'services.password-store-sync'.
+ '';
+ }
 ];
 };
 }
diff --git a/modules/modules.nix b/modules/modules.nix
index 09c1a4a4..bfd864cc 100644
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -82,6 +82,7 @@ let
 (loadModule ./programs/obs-studio.nix { })
 (loadModule ./programs/offlineimap.nix { })
 (loadModule ./programs/opam.nix { })
+ (loadModule ./programs/password-store.nix { })
 (loadModule ./programs/pazi.nix { })
 (loadModule ./programs/pidgin.nix { })
 (loadModule ./programs/rofi.nix { })
@@ -124,6 +125,7 @@ let
 (loadModule ./services/nextcloud-client.nix { })
 (loadModule ./services/owncloud-client.nix { })
 (loadModule ./services/parcellite.nix { })
+ (loadModule ./services/password-store-sync.nix { condition = hostPlatform.isLinux; })
 (loadModule ./services/pasystray.nix { })
 (loadModule ./services/polybar.nix { })
 (loadModule ./services/random-background.nix { })
diff --git a/modules/programs/password-store.nix b/modules/programs/password-store.nix
new file mode 100644
index 00000000..a15f002c
--- /dev/null
+++ b/modules/programs/password-store.nix
@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.programs.password-store;
+
+in
+
+{
+ meta.maintainers = with maintainers; [ pacien ];
+
+ options.programs.password-store = {
+ enable = mkEnableOption "Password store";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.pass;
+ defaultText = literalExample "pkgs.pass";
+ example = literalExample ''
+ pkgs.pass.withExtensions (exts: [ exts.pass-otp ])
+ '';
+ description = ''
+ The pass package to use.
+ Can be used to specify extensions.
+ '';
+ };
+
+ settings = mkOption rec {
+ type = with types; attrsOf str;
+ apply = mergeAttrs default;
+ default = {
+ PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store";
+ };
+ defaultText = literalExample ''
+ { PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }
+ '';
+ example = literalExample ''
+ {
+ PASSWORD_STORE_DIR = "/some/directory";
+ PASSWORD_STORE_KEY = "12345678";
+ PASSWORD_STORE_CLIP_TIME = "60";
+ }
+ '';
+ description = ''
+ The pass environment variables dictionary.
+
+ See the "Environment variables" section of
+
+ pass
+ 1
+
+ and the extension man pages for more information about the
+ available keys.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ home.packages = [ cfg.package ];
+ home.sessionVariables = cfg.settings;
+ };
+}
diff --git a/modules/services/password-store-sync.nix b/modules/services/password-store-sync.nix
new file mode 100644
index 00000000..32c70ff5
--- /dev/null
+++ b/modules/services/password-store-sync.nix
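Review bot: The `settings` description does not say that the module's default `PASSWORD_STORE_DIR` (`${config.xdg.dataHome}/password-store`) is not pass's own built-in default of `~/.password-store`, nor that `apply = mergeAttrs default` keeps the default keys in place unless the user overrides them; someone enabling the module with an existing store in their home directory would silently be pointed at an empty location. I would add to the description: `Note that the default PASSWORD_STORE_DIR differs from the one built into pass (~/.password-store); set it explicitly to keep using an existing store. Keys from the default are merged into any value given here unless overridden.`. The values end up in `home.sessionVariables`, so whether characters such as spaces or `$` in a value (e.g. PASSWORD_STORE_GPG_OPTS) survive the shell export is presumably handled by that option's quoting — worth confirming before documenting such values as supported.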
@@ -0,0 +1,83 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + serviceCfg = config.services.password-store-sync; + programCfg = config.programs.password-store; + +in + +{ + meta.maintainers = with maintainers; [ pacien ]; + + options.services.password-store-sync = { + enable = mkEnableOption "Password store periodic sync"; + + frequency = mkOption { + type = types.str; + default = "*:0/5"; + description = '' + How often to synchronise the password store git repository with its + default upstream. + + This value is passed to the systemd timer configuration as the + onCalendar option. + See + + systemd.time + 7 + + for more information about the format. + ''; + }; + }; + + config = mkIf serviceCfg.enable { + assertions = [ + { + assertion = programCfg.enable; + message = "The 'services.password-store-sync' module requires" + + " 'programs.password-store.enable = true'."; + } + ]; + + systemd.user.services.password-store-sync = { + Unit = { + Description = "Password store sync"; + }; + + Service = { + CPUSchedulingPolicy = "idle"; + IOSchedulingClass = "idle"; + Environment = + let + makeEnvironmentPairs = + mapAttrsToList (key: value: "${key}=${builtins.toJSON value}"); + in + makeEnvironmentPairs programCfg.settings; + ExecStart = toString (pkgs.writeShellScript "password-store-sync" '' + ${pkgs.pass}/bin/pass git pull --rebase && \ + ${pkgs.pass}/bin/pass git push + ''); + }; + }; + + systemd.user.timers.password-store-sync = { + Unit = { + Description = "Password store periodic sync"; + }; + + Timer = { + Unit = "password-store-sync.service"; + OnCalendar = serviceCfg.frequency; + Persistent = true; + }; + + Install = { + WantedBy = [ "timers.target" ]; + }; + }; + }; +}
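Review bot: `ExecStart` invokes `${pkgs.pass}/bin/pass` on both script lines instead of the package the user configured, so a pass built via `programs.password-store.package` (for example with extensions) is ignored by the sync service and a second copy of pass is pulled into the closure; the lines should read `${programCfg.package}/bin/pass git pull --rebase && \` and `${programCfg.package}/bin/pass git push`. The `Environment=` pairs are quoted with `builtins.toJSON`, whose escaping is close to but not the same as the quoting systemd.service(5) accepts, so a value containing a backslash or a character JSON emits as a `\uXXXX` escape may presumably not round-trip — a comment stating that assumption on the `makeEnvironmentPairs` line would help. There is also no handling for a rebase that stops on a conflict: the store is then left mid-rebase and every later timer run fails until someone intervenes by hand, which deserves a sentence in the `frequency` description so that operators know to watch the unit's status.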