nixos/system/home/services/password-store/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:
{
  xdg.configFile."pass-git-helper/git-pass-mapping.ini".source = ./git-pass-mapping.ini;
  programs = {
    gpg.enable = true;
    password-store = {
      enable = true;
      package = pkgs.pass-nodmenu.withExtensions (
        exts: with exts; [
          pass-update
          pass-import
        ]
      ); # pass-audit
      settings = {
        PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store";
        PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
      };
    };
  };
  services = {
    gpg-agent =
      let
        ttl = 86400;
      in
      {
        enable = true;
        maxCacheTtl = ttl;
        defaultCacheTtl = ttl;
        defaultCacheTtlSsh = ttl;
        pinentryPackage = lib.mkDefault pkgs.pinentry-all;
      };
    git-sync.repositories.password-store = {
      path = "${config.home.homeDirectory}/.password-store";
      uri = "git+https://git.xenia.me.uk/xenia/pass.git";
    };
  };
}