home-manager: add `isTrusted`

Install and configure some programs only on trusted machines. On trusted
machines, my mails, GPG and a few other things are configured. A machine
where this is not needed on a regular basis to get things done don't
need that much information.

Also rename `desktop/trust` to `trusted`, in case we want these packages
on a host that is not a desktop, and `trusted` is a better description.

1 files changed, 35 insertions, 0 deletions

diff --git a/users/fcuny/trusted/pass.nix b/users/fcuny/trusted/pass.nix
new file mode 100644
index 0000000..a552318
--- /dev/null
+++ b/users/fcuny/trusted/pass.nix
@@ -0,0 +1,35 @@
+{ pkgs, config, ... }:
+
+{
+  programs.password-store = {
+    enable = true;
+    settings = {
+      PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store";
+      PASSWORD_STORE_GENERATED_LENGTH = "30";
+      PASSWORD_STORE_CHARACTER_SET = "a-zA-Z0-9~!@#$%^&*()-_=+[]{};:,.<>?";
+      PASSWORD_STORE_KEY = config.programs.gpg.settings.default-key;
+    };
+  };
+
+  programs.git = {
+    signing = {
+      key = config.programs.gpg.settings.default-key;
+      signByDefault = true;
+    };
+    extraConfig = {
+      credential = {
+        helper = "${pkgs.gitAndTools.pass-git-helper}/bin/pass-git-helper";
+        useHttpPath = true;
+      };
+    };
+  };
+
+  xdg.configFile."pass-git-helper/git-pass-mapping.ini" = {
+    source = ./git-pass-mapping.ini;
+  };
+
+  services.password-store-sync.enable = true;
+
+  # Ensure the password store things are in the systemd session
+  systemd.user.sessionVariables = config.programs.password-store.settings;
+}