password-store: add modules

modules/misc/news.nix

@@ -1245,6 +1245,21 @@ in
           A new module is available: 'services.spotifyd'.
         '';
       }
+
+      {
+        time = "2019-11-29T21:18:48+00:00";
+        message = ''
+          A new module is available: 'programs.password-store'.
+        '';
+      }
+
+      {
+        time = "2019-11-29T21:18:48+00:00";
+        condition = hostPlatform.isLinux;
+        message = ''
+          A new module is available: 'services.password-store-sync'.
+        '';
+      }
     ];
   };
 }

modules/modules.nix

@@ -82,6 +82,7 @@ let
     (loadModule ./programs/obs-studio.nix { })
     (loadModule ./programs/offlineimap.nix { })
     (loadModule ./programs/opam.nix { })
+    (loadModule ./programs/password-store.nix { })
     (loadModule ./programs/pazi.nix { })
     (loadModule ./programs/pidgin.nix { })
     (loadModule ./programs/rofi.nix { })
@@ -124,6 +125,7 @@ let
     (loadModule ./services/nextcloud-client.nix { })
     (loadModule ./services/owncloud-client.nix { })
     (loadModule ./services/parcellite.nix { })
+    (loadModule ./services/password-store-sync.nix { condition = hostPlatform.isLinux; })
     (loadModule ./services/pasystray.nix { })
     (loadModule ./services/polybar.nix { })
     (loadModule ./services/random-background.nix { })

modules/programs/password-store.nix

@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.programs.password-store;
+
+in
+
+{
+  meta.maintainers = with maintainers; [ pacien ];
+
+  options.programs.password-store = {
+    enable = mkEnableOption "Password store";
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.pass;
+      defaultText = literalExample "pkgs.pass";
+      example = literalExample ''
+        pkgs.pass.withExtensions (exts: [ exts.pass-otp ])
+      '';
+      description = ''
+        The <literal>pass</literal> package to use.
+        Can be used to specify extensions.
+      '';
+    };
+
+    settings = mkOption rec {
+      type = with types; attrsOf str;
+      apply = mergeAttrs default;
+      default = {
+        PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store";
+      };
+      defaultText = literalExample ''
+        { PASSWORD_STORE_DIR = "$XDG_DATA_HOME/password-store"; }
+      '';
+      example = literalExample ''
+        {
+          PASSWORD_STORE_DIR = "/some/directory";
+          PASSWORD_STORE_KEY = "12345678";
+          PASSWORD_STORE_CLIP_TIME = "60";
+        }
+      '';
+      description = ''
+        The <literal>pass</literal> environment variables dictionary.
+        </para><para>
+        See the "Environment variables" section of
+        <citerefentry>
+          <refentrytitle>pass</refentrytitle>
+          <manvolnum>1</manvolnum>
+        </citerefentry>
+        and the extension man pages for more information about the
+        available keys.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = [ cfg.package ];
+    home.sessionVariables = cfg.settings;
+  };
+}

modules/services/password-store-sync.nix

@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  serviceCfg = config.services.password-store-sync;
+  programCfg = config.programs.password-store;
+
+in
+
+{
+  meta.maintainers = with maintainers; [ pacien ];
+
+  options.services.password-store-sync = {
+    enable = mkEnableOption "Password store periodic sync";
+
+    frequency = mkOption {
+      type = types.str;
+      default = "*:0/5";
+      description = ''
+        How often to synchronise the password store git repository with its
+        default upstream.
+        </para><para>
+        This value is passed to the systemd timer configuration as the
+        <literal>onCalendar</literal> option.
+        See
+        <citerefentry>
+          <refentrytitle>systemd.time</refentrytitle>
+          <manvolnum>7</manvolnum>
+        </citerefentry>
+        for more information about the format.
+      '';
+    };
+  };
+
+  config = mkIf serviceCfg.enable {
+    assertions = [
+      {
+        assertion = programCfg.enable;
+        message = "The 'services.password-store-sync' module requires"
+          + " 'programs.password-store.enable = true'.";
+      }
+    ];
+
+    systemd.user.services.password-store-sync = {
+      Unit = {
+        Description = "Password store sync";
+      };
+
+      Service = {
+        CPUSchedulingPolicy = "idle";
+        IOSchedulingClass = "idle";
+        Environment =
+          let
+            makeEnvironmentPairs =
+              mapAttrsToList (key: value: "${key}=${builtins.toJSON value}");
+          in
+            makeEnvironmentPairs programCfg.settings;
+        ExecStart = toString (pkgs.writeShellScript "password-store-sync" ''
+          ${pkgs.pass}/bin/pass git pull --rebase && \
+          ${pkgs.pass}/bin/pass git push
+        '');
+      };
+    };
+
+    systemd.user.timers.password-store-sync = {
+      Unit = {
+        Description = "Password store periodic sync";
+      };
+
+      Timer = {
+        Unit = "password-store-sync.service";
+        OnCalendar = serviceCfg.frequency;
+        Persistent = true;
+      };
+
+      Install = {
+        WantedBy = [ "timers.target" ];
+      };
+    };
+  };
+}