(wip) Use password-store

2024-12-29 02:43:13 -07:00
parent 52dc849c67
commit 3f0cd8d6ba
28 changed files with 35 additions and 1 deletions
--- a/.dir-locals.el
+++ b/.dir-locals.el
--- a/.gitignore
+++ b/.gitignore
--- a/.projectile
+++ b/.projectile
--- a/.sops.yaml
+++ b/.sops.yaml
--- a/README.org
+++ b/README.org
@@ -145,13 +145,18 @@ I don't know anything about either.

 ** TODO password store 4 firefox

-** TODO password store w/ age
+** DONE password store w/ age
+CLOSED: [2024-12-29 Sun 02:34]

 https://github.com/FiloSottile/passage

+** TODO Automatically sync password store
+
 ** DONE secrets
 CLOSED: [2024-12-29 Sun 01:41]

+** TODO git config
+
 ** TODO niri

 Or Qtile
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
--- a/hosts/nixos-testbed/configuration.nix
+++ b/hosts/nixos-testbed/configuration.nix
--- a/hosts/nixos-testbed/disko-config.nix
+++ b/hosts/nixos-testbed/disko-config.nix
--- a/hosts/nixos-testbed/hardware-configuration.nix
+++ b/hosts/nixos-testbed/hardware-configuration.nix
--- a/hosts/nixos-testbed/system.nix
+++ b/hosts/nixos-testbed/system.nix
--- a/lib/utils.nix
+++ b/lib/utils.nix
--- a/modules/home/impermanence.nix
+++ b/modules/home/impermanence.nix
--- a/modules/home/sops.nix
+++ b/modules/home/sops.nix
--- a/modules/nixos/erase-home-darlings.clj
+++ b/modules/nixos/erase-home-darlings.clj
--- a/modules/nixos/filesystemType.nix
+++ b/modules/nixos/filesystemType.nix
--- a/modules/nixos/gpg.nix
+++ b/modules/nixos/gpg.nix
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
--- a/modules/nixos/impermanence/erase-darlings.clj
+++ b/modules/nixos/impermanence/erase-darlings.clj
--- a/modules/nixos/niri.nix
+++ b/modules/nixos/niri.nix
--- a/modules/nixos/sops.nix
+++ b/modules/nixos/sops.nix
--- a/modules/nixos/users.nix
+++ b/modules/nixos/users.nix
--- a/secrets.yaml
+++ b/secrets.yaml
--- a/users/crumb/default.nix
+++ b/users/crumb/default.nix
--- a/users/crumb/programs.nix
+++ b/users/crumb/programs.nix
--- a/users/crumb/programs/nvim.nix
+++ b/users/crumb/programs/nvim.nix
--- a/users/crumb/programs/passage.nix
+++ b/users/crumb/programs/passage.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+{
+  home.packages = [ pkgs.passage ];
+  home.file.".passage/identities".source =
+    (config.lib.file.mkOutOfStoreSymlink config.sydnix.sops.keyFile);
+  home.file.".passage/store".source =
+    (config.lib.file.mkOutOfStoreSymlink "/persist/home/crumb/.passage/store");
+
+  home.shellAliases."pass" = "${pkgs.passage/bin/passage}";
+
+  # TODO:
+  # systemd.user.services.sync-password-store = {
+  #   Unit = {
+  #     Description = "Pull and push user password store.";
+  #   };
+  #   Service = {
+  #     Environment = "PATH=/run/current-system/sw/bin";
+  #     ExecStart =
+  #       let script = ''
+  #             set -xe -o pipefail
+  #           '';
+  #       in pkgs.writeShellScript "sync-password-store" script;
+  #   };
+  #   Install = {
+  #     WantedBy = ["default.target"];
+  #   };
+  # };
+}
--- a/users/crumb/secrets.yaml
+++ b/users/crumb/secrets.yaml