sid/synix
1
0
Fork 0
Code Issues 7 Pull requests 1 Projects Activity Actions

initial commit
All checks were successful
Deploy docs / build-and-deploy (push) Successful in 3s
Details

Browse source
This commit is contained in:
sid 2026-02-23 20:34:35 +01:00
commit 95a533c876
451 changed files with 18255 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

84
docs/modules/home/password-manager.md Normal file
View file

@ -0,0 +1,84 @@
# Password Manager
This module will automatically install [`pass`](https://www.passwordstore.org/) as your password manager. It also provides a custom version of [`passmenu`](https://git.zx2c4.com/password-store/tree/contrib/dmenu/passmenu) using `bemenu` for Wayland sessions called `passmenu-bemenu` and configures [passff](https://codeberg.org/PassFF/passff) for your web browser.
View the [*synix* Home Manager module on Forgejo](https://git.sid.ovh/sid/synix/tree/master/modules/home/password-manager).
## Setup
It is assumed that you have a GPG key.
### HM config
```nix
imports = [
inputs.synix.homeModules.passwordManager
];
programs.passwordManager = {
enable = true;
key = "YOUR_GPG_KEYGRIP";
wayland = true; # if you are using Wayland
};
```
> Get your keygrip with `gpg -K --with-keygrip`
### Password Store
`pass` uses a Password Store to manage your password files. If this is your first time using `pass`, follow option _a)_. If you already have a remote git repository to store your password-store, follow option _b)_.
#### a) Initialize a new Password Store
Read the introduction and setup guide on the [pass home page](https://passwordstore.org).
#### b) Cloning your remote password-store repository
The following guide assumes that you have your private GPG key on a luks encrypted USB partition which is needed to access your remote repo through ssh.
1. **Identify the USB device**:
Identify the device name for your USB drive using the `lsblk` or `fdisk -l` command.
```bash
lsblk
```
Look for the device corresponding to your USB drive (e.g., `/dev/sdb1`).
2. **Unlock the LUKS partition**:
Unlock the LUKS partition with the `cryptsetup luksOpen` command. Replace `/dev/sdX1` with the actual device name of your USB partition.
```bash
sudo cryptsetup luksOpen /dev/sdX1 crypt
```
You will be prompted to enter the passphrase for the LUKS partition.
3. **Mount the unlocked partition**:
Mount the unlocked LUKS partition to access the files.
```bash
sudo mount /dev/mapper/crypt /mnt
```
4. **Import the GPG key**:
Use the `gpg --import` command to import the GPG key from the mounted USB partition.
```bash
gpg --import /mnt/path/to/privatekey.gpg
```
5. **Unmount and close the LUKS partition**:
After importing the key, unmount the partition and close the LUKS mapping.
```bash
sudo umount /mnt
sudo cryptsetup luksClose crypt
```
6. **Clone your password store repository**:
Clone your password store repository using the `git clone` command, for example:
```bash
git clone ssh://example.tld:/home/you/git/password-store.git ~/.local/share/password-store
```