Configurazione NixOS

nix
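{ config, lib, pkgs, ... }:

# Pass - Unix Password Store Configuration
# Used for managing development secrets (Docker env vars, API keys, credentials)
#
# Usage:
#   pass init <gpg-id>              # Initialize with your GPG key
#   pass insert dev/docker/db_pass  # Add a secret
#   pass dev/docker/db_pass         # Retrieve a secret
#   export VAR=$(pass dev/myvar)    # Use in scripts
#
# Security model: every secret is a GPG-encrypted file; the protection of the
# store is exactly the protection of the private key and of the gpg-agent
# passphrase cache. While the passphrase is cached (8 hours below), ANY process
# running as this user can run `pass show ...` without a prompt, so the TTL is
# a deliberate convenience-vs-exposure trade-off for development machines.
# Shorten it, or move the key to a hardware token, for anything sensitive.
let
  # pass built with Wayland clipboard support (wl-clipboard), with the
  # extensions wired into the extension directory that pass actually searches.
  # Installing `pass`, `pass-wayland` and the extension packages separately
  # puts two `bin/pass` into the system profile (collision) and leaves the
  # extensions in a location pass does not look at; `withExtensions` is the
  # nixpkgs-supported way to enable them.
  passWithExtensions = pkgs.pass-wayland.withExtensions (exts: [
    exts.pass-otp     # TOTP/HOTP support
    exts.pass-import  # Import from other password managers
  ]);
in
{
  environment.systemPackages = [
    passWithExtensions       # pass + Wayland clipboard + extensions
    pkgs.gnupg               # GPG encryption backend
    pkgs.pinentry-curses     # Terminal PIN entry (what the agent uses, see below)
    pkgs.pinentry-gnome3     # GUI PIN entry; only used if pinentryPackage is switched to it
  ];

  programs.gnupg.agent = {
    enable = true;
    # The agent prompts through this pinentry regardless of which pinentry
    # binaries are installed above.
    pinentryPackage = pkgs.pinentry-curses;
    # Lets gpg-agent act as the SSH agent (SSH_AUTH_SOCK points at it).
    # NOTE(review): this is expected to conflict with programs.ssh.startAgent
    # being enabled at the same time — keep only one of the two.
    enableSSHSupport = true;

    # Cache passphrase for extended development sessions.
    # Previously this was only documented as a manual edit of
    # ~/.gnupg/gpg-agent.conf, which the module did not enforce; it is now
    # declared here and written to /etc/gnupg/gpg-agent.conf.
    #   default-cache-ttl: idle timeout, reset on each use of the key
    #   max-cache-ttl:     hard cap measured from the first entry, so a
    #                      re-prompt is guaranteed after 8 hours regardless of use
    settings = {
      default-cache-ttl = 28800;  # 8 hours
      max-cache-ttl = 28800;
    };
  };

  # Environment variables for pass
  environment.sessionVariables = {
    # $HOME/.password-store is pass's built-in default; declared explicitly so
    # scripts can rely on the variable being set. NixOS writes this into the
    # shell-sourced environment file where $HOME is expanded at login.
    PASSWORD_STORE_DIR = "$HOME/.password-store";
    # Seconds before `pass -c` clears the copied secret from the clipboard.
    PASSWORD_STORE_CLIP_TIME = "45";
  };
}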