initial commit

modules/home/password-manager/default.nix

@@ -0,0 +1,115 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.programs.passwordManager;
+  passmenuScript = pkgs.writeShellScriptBin "passmenu-bemenu" (builtins.readFile ./passmenu); # TODO: override original passmenu script coming from pass itself
+  passff-host = pkgs.passff-host;
+
+  inherit (lib)
+    mkDefault
+    mkEnableOption
+    mkIf
+    mkOption
+    mkOverride
+    types
+    ;
+in
+{
+  options.programs.passwordManager = {
+    enable = mkEnableOption "password manager using pass, passmenu, and passff.";
+    length = mkOption {
+      type = types.str;
+      default = "20";
+      description = "Default length for generated passwords.";
+    };
+    charset = mkOption {
+      type = types.enum [
+        "alphanumerical"
+        "ascii"
+        "custom"
+      ];
+      default = "alphanumerical";
+      description = ''
+        Character set for generated passwords. "alphanumerical" and "ascii" will get overwritten by the corresponding charset. Anything else will get parsed as the charset directly.
+      '';
+    };
+    editor = mkOption {
+      type = types.str;
+      default = "nvim";
+      description = "Editor to use for editing passwords. Make sure it is installed on your system.";
+    };
+    wayland = mkOption {
+      type = types.bool;
+      default = false;
+      description = "If true, bemenu and ydotool will be used instead of dmenu and xdotool.";
+    };
+    key = mkOption {
+      type = types.str;
+      default = "";
+      description = "GPG key for password store.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    programs.password-store = {
+      enable = true;
+      package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
+      settings = {
+        PASSWORD_STORE_DIR = mkDefault "${config.xdg.dataHome}/password-store";
+        PASSWORD_STORE_KEY = mkIf (cfg.key != "") cfg.key;
+        PASSWORD_STORE_GENERATED_LENGTH = cfg.length;
+        PASSWORD_STORE_CHARACTER_SET =
+          if cfg.charset == "alphanumerical" then
+            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+          else if cfg.charset == "ascii" then
+            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=[]{}|;:',.<>/?"
+          else
+            cfg.charset;
+        PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
+        EDITOR = cfg.editor;
+      };
+    };
+
+    services.gpg-agent.pinentry.package = mkOverride 1001 pkgs.pinentry-qt; # mkDefault collides with gpg home module
+
+    home.packages = [
+      passmenuScript
+      pkgs.zbar
+    ]
+    ++ (
+      if cfg.wayland then
+        [
+          pkgs.bemenu
+          pkgs.ydotool
+        ]
+      else
+        [
+          pkgs.dmenu
+          pkgs.xdotool
+        ]
+    );
+
+    home.sessionVariables.PASSWORD_STORE_MENU = if cfg.wayland then "bemenu" else "dmenu";
+
+    # FIXME: passff does not autofill OTPs
+    programs.librewolf = mkIf config.programs.librewolf.enable {
+      package = pkgs.librewolf.override {
+        nativeMessagingHosts = [
+          passff-host
+        ];
+        hasMozSystemDirPatch = true;
+      };
+      nativeMessagingHosts = [ passff-host ];
+      profiles.default.extensions.packages =
+        with inputs.nur.legacyPackages."${pkgs.stdenv.hostPlatform.system}".repos.rycee.firefox-addons; [
+          passff
+        ];
+    };
+  };
+}