rbw nonsense

Matt Nish-Lapidus 2024-11-02 15:51:01 -04:00
parent f7c94418e7
commit e14fd17e00
4 changed files with 208 additions and 1 deletions


@ -7,6 +7,6 @@
"notifications_url": null,
"lock_timeout": 3600,
"sync_interval": 999999999,
"pinentry": "pinentry",
"pinentry": "rbw-pinentry-keyring",
"client_cert_path": null
}
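Review bot: With `"pinentry": "rbw-pinentry-keyring"`, the `"lock_timeout": 3600` two lines above presumably no longer forces the master password to be re-entered, because the pinentry script added in this commit answers the `Master Password` prompt from the desktop keyring without user interaction. The vault is then effectively as unlocked as the keyring is, for any process in the session that can run `rbw` or `secret-tool lookup`. If that trade-off is intended, it is worth recording in the repo next to this setting (the script's own help text already says the password sits in the keyring as plaintext) and making sure the keyring itself locks on idle or screen lock.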

100
dotfiles/dot_local/bin/piku Executable file

@ -0,0 +1,100 @@
#!/bin/sh
# TODO: support config locations:
# ./.piku-server
# ~/.piku-server
# git config --get remote.piku.url
# git config --get remote.paas.url
if grep -q WSL /proc/version 2>/dev/null
then
# On WSL, use the Windows ssh.exe to benefit from 1Password integration
SSH="ssh.exe"
else
SSH="ssh"
fi
remote_name="piku"
if [ "$1" = "--remote" ] || [ "$1" = "-r" ]
then
shift
remote_name="$1"
shift
fi
gitremote=$(git config --get remote."$remote_name".url)
remote=${gitremote:-"${PIKU_SERVER}:${PIKU_APP}"}
githome="https://raw.githubusercontent.com/piku/piku/master/"
out() { printf "%s\n" "$*" >&2; }
if [ "$1" = "init" ]
then
if [ -f "ENV" ]
then
echo "ENV file already exists."
else
curl -s "${githome}examples/ENV" > ENV && echo "Wrote ./ENV file."
fi
if [ -f "Procfile" ]
then
echo "Procfile already exists."
else
curl -s "${githome}examples/Procfile" > Procfile && echo "Wrote ./Procfile."
fi
if [ "$gitremote" = "" ]
then
echo "Now set up your piku remote for this app:"
echo "git remote add piku piku@HOSTNAME:APPNAME"
fi
exit
fi
out "Piku remote operator."
if [ "$remote" = "" ] || [ "$remote" = ":" ]
then
out
out "Error: no piku server configured."
out "Use PIKU_SERVER=piku@MYSERVER.NET or configure a git remote called 'piku'."
out
else
server=$(echo "$remote" | cut -f1 -d":" 2>/dev/null)
app=$(echo "$remote" | cut -f2 -d":" 2>/dev/null)
# gather SSH flags
while [ "${1#\-}"x != "${1}x" ];
do
sshflags="${sshflags} ${1}"
shift
done
# check the Piku command to be run
cmd="$1"
out "Server: $server"
out "App: $app"
out
case "$cmd" in
""|help)
command $SSH -o LogLevel=QUIET ${sshflags:+${sshflags}} "$server" "$@" | grep -v "INTERNAL"
echo " shell Local command to start an SSH session in the remote."
echo " init Local command to download an example ENV and Procfile."
echo " download Local command to scp down a remote file. args: REMOTE-FILE(s) LOCAL-PATH"
echo " Remote file path is relative to the app folder."
;;
apps|setup|setup:ssh|update)
# shellcheck disable=SC2029 # caused by the final "$@", expanded on the client side
command $SSH ${sshflags:+${sshflags}} "$server" "$@"
;;
shell)
$SSH -t "$server" run "$app" bash
;;
download)
scp "$server:~/.piku/apps/${app}/${2}" "${3:-'.'}"
;;
*)
shift # remove cmd arg
# shellcheck disable=SC2029 # caused by the final "$@", expanded on the client side
command $SSH ${sshflags:+${sshflags}} "$server" "$cmd" "$app" "$@"
;;
esac
fi
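Review bot: In the `init` branch, `curl -s "${githome}examples/ENV" > ENV && echo "Wrote ./ENV file."` reports success even when the server answers with an HTTP error, because without `-f` curl exits 0 and the error body is what lands in `ENV`; the `Procfile` line has the same shape. `curl -fsS "${githome}examples/ENV" -o ENV && echo "Wrote ./ENV file."` fails visibly instead. Both templates are also fetched from the mutable `master` branch, so what gets written can change between runs; pinning `githome` to a tag or commit would make it reproducible. Separately, in the `download` branch `"${3:-'.'}"` keeps the single quotes as literal characters inside the double quotes, so the default destination is a file named `'.'` rather than the current directory; `"${3:-.}"` is what was meant.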


@ -0,0 +1,102 @@
#!/bin/bash
[[ -z "${RBW_PROFILE}" ]] && rbw_profile='rbw' || rbw_profile="rbw-${RBW_PROFILE}"
set -eEuo pipefail
function help() {
cat <<EOHELP
Use this script as pinentry to store master password for rbw into your keyring
Usage
- run "rbw-pinentry-keyring clear" to clear the master password from your keyring
- add "rbw-pinentry-keyring" as "pinentry" in rbw config (${XDG_CONFIG_HOME}/rbw/config.json)
- use rbw as normal
Notes
- needs "secret-tool" to access keyring
- setup tested with pinentry-gnome3, but you can run the "secret-tool store"-command manually as well
- master passwords are stored into the keyring as plaintext, so secure your keyring appropriately
- supports multiple profiles, simply set RBW_PROFILE during setup
- can easily be rewritten to use other backends than keyring by setting the "secret_value"-variable
EOHELP
}
function clear() {
secret-tool clear application rbw profile "$rbw_profile" type master_password
}
function getpin() {
echo 'OK'
title=""
prompt=""
desc=""
while IFS=' ' read -r command args ; do
case "$command" in
SETTITLE)
title="$args"
echo 'OK'
;;
SETDESC)
desc="$args"
echo 'OK'
;;
SETPROMPT)
prompt="$args"
echo 'OK'
;;
GETPIN)
if [[ "$prompt" == "Master Password" ]]; then
set +e
secret_value="$(secret-tool lookup application rbw profile "$rbw_profile" type master_password)"
err=$?
set -e
if [[ $err == 1 ]]; then
cmd="SETTITLE rbw\n"
cmd+="SETPROMPT Master Password\n"
cmd+="SETDESC Please enter the master password for '$rbw_profile'\n"
cmd+="GETPIN\n"
secret_value="$(printf "$cmd" | pinentry | grep -E "^D " | cut -c3-)"
if [ -n "$secret_value" ]; then
echo -n "$secret_value" | secret-tool store --label="$rbw_profile master password" application rbw profile "$rbw_profile" type master_password >/dev/null 2>&1
fi
fi
printf 'D %s\n' "$secret_value"
echo 'OK'
else
cmd="SETTITLE $title\n"
cmd+="SETPROMPT $prompt\n"
cmd+="SETDESC $desc\n"
cmd+="GETPIN\n"
secret_value="$(printf "$cmd" | pinentry | grep -E "^D " | cut -c3-)"
printf 'D %s\n' "$secret_value"
echo 'OK'
fi
;;
BYE)
exit
;;
*)
echo 'ERR Unknown command'
;;
esac
done
}
command="$1"
case "$command" in
-h|--help|help)
help
;;
-c|--clear|clear)
clear
;;
*)
getpin
;;
esac
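Review bot: In `getpin`, both `GETPIN` branches build the request in `cmd` and run `printf "$cmd" | pinentry`, so the caller-supplied `$title`, `$prompt` and `$desc` (and `$rbw_profile`, taken from `RBW_PROFILE`) end up inside the printf format string. Any `%` or backslash in them is interpreted rather than forwarded, which can garble or truncate the prompt the user reads before typing a passphrase; percent-escaped text in a description would trigger exactly that. Passing the lines as arguments avoids it: `secret_value="$(printf '%s\n' "SETTITLE $title" "SETPROMPT $prompt" "SETDESC $desc" 'GETPIN' | pinentry | grep -E "^D " | cut -c3-)"`, with the same form for the master-password branch. The `if [[ $err == 1 ]]` test also deserves a comment or a broader check: any other non-zero status from `secret-tool lookup` falls through and returns an empty `D` line as if it were the password.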


@ -508,5 +508,10 @@
home.file.".msmtprc".source = ../dotfiles/dot_msmtprc;
home.file.".mbsyncrc".source = ../dotfiles/dot_mbsyncrc;
home.file.".local/bin" = {
source = ../dotfiles/dot_local/bin;
recursive = true;
};
home.file.".local/share/flf".source = ../dotfiles/dot_local/share/flf;
}