dotfiles/nix-conf/home-manager/base/keepass.nix

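# Home-manager module: installs the kpcli-py KeePass CLI (optionally the
# KeePass GUI) and renders its ~/.kp/config.ini from `base.keepass.*` options.
{ config, proj_root, pkgs, lib, ... }:
let
  cfg = config.base.keepass;
  # Drop every attribute whose value is null so unset options never reach the
  # generated INI (toINI would otherwise print the literal string "null").
  trimNull = lib.filterAttrsRecursive (name: value: value != null);
in
{
  imports = [ ./graphics.nix ];

  options.base.keepass = {
    enable = lib.mkEnableOption "keepass";
    use_gui = lib.mkOption {
      type = lib.types.bool;
      description = "Whether to enable keepass GUI (the original one)";
      default = false;
      example = true;
    };
    # Required whenever the module is enabled. The previous `default = null`
    # is not a valid value for `types.path`, so leaving the option unset
    # failed with a type error; with no default the module system reports
    # the option as "used but not defined" instead.
    path = lib.mkOption {
      type = lib.types.path;
      description = "Path to kdbx file";
      example = "/media/homelab/f/PersistentHotStorage/keepass.kdbx";
    };
    keyfile_path = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      description = ''
        Path to key file for the database
        If null, then the field is unset
      '';
      default = null;
      example = "/path/to/mykeyfile.key";
    };
    # Convenience/security trade-off: with true, the tool keeps the master
    # password in encrypted form (24 hrs per the description) instead of
    # prompting on every use. Set to false to always be prompted.
    store_encrypted_password = lib.mkOption {
      type = lib.types.bool;
      description = "Whether to store encrypted password for 24 hrs before re-prompt";
      default = true;
      example = false;
    };
    # Shorter values narrow the window in which other processes can read a
    # copied password from the clipboard.
    copy_timeout_secs = lib.mkOption {
      type = lib.types.int;
      description = "Timeout (seconds) before the password is expired from clipboard";
      default = 12;
      example = 60;
    };
  };

  config = lib.mkIf cfg.enable {
    home.packages = [
      pkgs.kpcli-py # kp but is in cli
    ]
    # NOTE(review): in Nix, `a.b or c` is the attribute-selection fallback,
    # not boolean OR. `use_gui` is always defined by the option above, so the
    # graphics flag is never consulted and this is equivalent to `cfg.use_gui`.
    # If the intent is "GUI when either flag is set", use `||` instead.
    ++ lib.optionals (cfg.use_gui or config.base.graphics._enable) [
      pkgs.keepass # Personal secret management
    ];

    # The rendered INI is built as a file in the Nix store and linked to
    # ~/.kp/config.ini. The store is world-readable, so only non-secret
    # settings (paths, flags, timeouts) may be rendered here.
    # TODO: an alternative is to symlink safely-stored password onto here
    home.file.".kp/config.ini".text = lib.generators.toINI { } (trimNull {
      default = {
        KEEPASSDB = cfg.path;
        KEEPASSDB_KEYFILE = cfg.keyfile_path;
        STORE_ENCRYPTED_PASSWORD = cfg.store_encrypted_password;
        # Deliberately null (removed by trimNull): this field expects the
        # master password in plain text, which must never be written into
        # the store. TODO: there is no way to supply it via a separate file.
        KEEPASSDB_PASSWORD = null;
        KEEPASSDB_TIMEOUT = cfg.copy_timeout_secs;
      };
    });
  };
}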