dotfiles/nix-conf/home-manager/base/keepass.nix

71 lines
1.9 KiB
Nix

{
config,
proj_root,
pkgs,
lib,
...
}: let
cfg = config.base.keepass;
trimNull = lib.filterAttrsRecursive (name: value: value != null);
in {
imports = [./graphics.nix];
options.base.keepass = {
enable = lib.mkEnableOption "keepass";
use_gui = lib.mkOption {
type = lib.types.bool;
description = "wheter to enable keepass GUI (the original one)";
default = false;
example = "true";
};
path = lib.mkOption {
type = lib.types.path;
description = "Path to kdbx file";
default = null;
example = "/media/homelab/f/PersistentHotStorage/keepass.kdbx";
};
keyfile_path = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = ''
Path to key file for the database
If null, then the field is unset
'';
default = null;
example = "/path/to/mykeyfile.key";
};
store_encrypted_password = lib.mkOption {
type = lib.types.bool;
description = "Whether to store encrypted password for 24 hrs before re-prompt";
default = true;
example = "false";
};
copy_timeout_secs = lib.mkOption {
type = lib.types.int;
description = "Timeout (seconds) before the password is expired from clipboard";
default = 12;
example = "60";
};
};
config = lib.mkIf cfg.enable {
home.packages =
[
pkgs.kpcli-py # kp but is in cli
]
++ (
if cfg.use_gui or config.base.graphics._enable
then [
pkgs.keepass # Personal secret management
]
else []
);
home.file.".kp/config.ini".text = lib.generators.toINI {} (trimNull {
default = {
KEEPASSDB = cfg.path;
KEEPASSDB_KEYFILE = cfg.keyfile_path;
STORE_ENCRYPTED_PASSWORD = cfg.store_encrypted_password;
KEEPASSDB_PASSWORD = null; # No good way yet to store the password
KEEPASSDB_TIMEOUT = cfg.copy_timeout_secs;
};
});
};
}