From 956c4cd619b03592e463b8a69485da9f33b4c7ab Mon Sep 17 00:00:00 2001
From: Don Harper <duck@duckland.org>
Date: Sat, 30 May 2026 21:56:59 -0500
Subject: [PATCH] task | add password-store

---
 home/common/default.nix  |  1 +
 home/common/pass.nix     | 41 ++++++++++++++++++++++++++++++++++++++++
 home/gui/qutebrowser.nix |  4 +++-
 modules/default.nix      |  1 +
 4 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 home/common/pass.nix

diff --git a/home/common/default.nix b/home/common/default.nix
index 8f3d44b..bf7bf8d 100644
--- a/home/common/default.nix
+++ b/home/common/default.nix
@@ -17,6 +17,7 @@
     ./newsboat.nix
     ./nixvim.nix
     # ./nvf.nix
+    ./pass.nix
     ./ssh.nix
     ./taskwarrior.nix
     ./topgrade.nix
diff --git a/home/common/pass.nix b/home/common/pass.nix
new file mode 100644
index 0000000..43d99f2
--- /dev/null
+++ b/home/common/pass.nix
@@ -0,0 +1,41 @@
+{
+  osConfig,
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib) mkIf;
+  inherit (osConfig) modules;
+
+  sys = modules.system;
+in {
+  config = {
+    programs = {
+      # password-store pass
+      password-store = {
+        enable = true;
+        package = pkgs.pass.withExtensions (exts: [exts.pass-otp exts.pass-audit exts.pass-update exts.pass-import]);
+        settings = {
+          PASSWORD_STORE_KEY = "CCD8E76F07EA701B";
+          PASSWORD_STORE_CLIP_TIME = "30";
+          PASSWORD_STORE_GENERATED_LENGTH = "120";
+          PASSWORD_STORE_CHARACTER_SET = "A-Za-z0-9!@#$%";
+          PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS = "A-Za-z0-9";
+          PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
+        };
+      };
+    };
+
+    services = {
+      # Enable pass to integrate with the libsecret D-Bus API for password management
+      pass-secret-service = {
+        enable = true;
+      };
+    };
+
+    #  home.file.".config/pass-git-helper" = {
+    #    source = ./git-pass-mapping;
+    #    recursive = true;
+    #  };
+  };
+}
diff --git a/home/gui/qutebrowser.nix b/home/gui/qutebrowser.nix
index 3d32a38..690c949 100644
--- a/home/gui/qutebrowser.nix
+++ b/home/gui/qutebrowser.nix
@@ -13,7 +13,9 @@
         ",M" = "spawn --userscript mealie";
         ",N" = "spawn --userscript saveurl";
         ",O" = "spawn --userscript obsidian-import-lite";
+        ",P" = "spawn --userscript qute-pass --password-only";
         ",R" = "spawn --userscript obsidian-import -r";
+        ",T" = "spawn --userscript qute-bitwarden --totp-only";
         ",U" = "spawn --userscript sendurl";
         ",V" = "hint links spawn myweb {hint-url}";
         ",d" = "spawn --userscript open_download";
@@ -22,7 +24,7 @@
         ",n" = ''config-cycle content.user_stylesheets /home/don/src/solarized-everything-css/css/mine.css ""'';
         ",o" = "spawn --userscript obsidian-import";
         ",r" = "spawn --userscript recipe";
-        ",t" = "spawn --userscript qute-bitwarden --totp-only";
+        ",t" = "spawn --userscript qute-pass --otp-only";
         ",u" = "spawn --userscript sendphone";
         ",v" = "spawn /home/don/bin/myweb {url}";
         ",w" = "cmd-set-text -s :spawn --userscript taskadd";
diff --git a/modules/default.nix b/modules/default.nix
index 6bfd709..7df3044 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,5 +2,6 @@
   imports = [
     # ./beszel-agent.nix
     ./ollama.nix
+    ./pass.nix
   ];
 }