diff options
| author | William Carroll <wpcarro@gmail.com> | 2022-01-18T20·11-0800 |
|---|---|---|
| committer | clbot <clbot@tvl.fyi> | 2022-01-27T05·37+0000 |
| commit | c73441631440dd60b1cfab0db0ddde8fdbe45b33 (patch) | |
| tree | e2033a0649a43a42c6e1d7d3ea4240c686775d0a | |
| parent | 186e87fe0f054395af00f9fe9c76141097779ee7 (diff) | |
feat(wpcarro/configs): Define {import,export}-gpg in Nix r/3679
Note: Calling `export-gpg` (relying on the symlink to `__dispatch.sh`) hangs because it's prompting the user for the password to decrypt the secrets, but for some reason no prompt displays. When I call... ```shell $ nix-build /depot -A users.wpcarro.configs.export-gpg $ ./result ``` ...it WAIs. I need to debug this, but I'm committing the work for now because it's making my `magit-status` noisy. TODO(wpcarro): Merge and reconcile configs, dotfiles. Change-Id: I2b91323824cab37daa9d880cbb42f38e33ca10e1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4998 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
| -rwxr-xr-x | users/wpcarro/bin/__dispatch.sh | 6 | ||||
| l--------- | users/wpcarro/bin/export-gpg | 1 | ||||
| l--------- | users/wpcarro/bin/import-gpg | 1 | ||||
| -rw-r--r-- | users/wpcarro/configs/default.nix | 67 |
4 files changed, 72 insertions, 3 deletions
diff --git a/users/wpcarro/bin/__dispatch.sh b/users/wpcarro/bin/__dispatch.sh index b7671562eb..17556ad2e0 100755 --- a/users/wpcarro/bin/__dispatch.sh +++ b/users/wpcarro/bin/__dispatch.sh @@ -12,6 +12,12 @@ case "${TARGET_TOOL}" in deploy-diogenes) attr="users.wpcarro.nixos.deploy-diogenes" ;; + import-gpg) + attr="users.wpcarro.configs.import-gpg" + ;; + export-gpg) + attr="users.wpcarro.configs.export-gpg" + ;; *) echo "The tool '${TARGET_TOOL}' is currently not installed in this repository." exit 1 diff --git a/users/wpcarro/bin/export-gpg b/users/wpcarro/bin/export-gpg new file mode 120000 index 0000000000..8390ec9c96 --- /dev/null +++ b/users/wpcarro/bin/export-gpg @@ -0,0 +1 @@ +__dispatch.sh \ No newline at end of file diff --git a/users/wpcarro/bin/import-gpg b/users/wpcarro/bin/import-gpg new file mode 120000 index 0000000000..8390ec9c96 --- /dev/null +++ b/users/wpcarro/bin/import-gpg @@ -0,0 +1 @@ +__dispatch.sh \ No newline at end of file diff --git a/users/wpcarro/configs/default.nix b/users/wpcarro/configs/default.nix index 5b0b6a7dcc..81ba5b4d48 100644 --- a/users/wpcarro/configs/default.nix +++ b/users/wpcarro/configs/default.nix @@ -1,11 +1,72 @@ { pkgs, ... }: -{ - install = pkgs.writeShellScript "install-configs" '' +let + inherit (pkgs) writeShellScript; + inherit (pkgs.lib.strings) makeBinPath; +in { + install = writeShellScript "install-configs" '' cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --target="$HOME" . ''; - uninstall = pkgs.writeShellScript "uninstall-configs" '' + uninstall = writeShellScript "uninstall-configs" '' cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --delete --target="$HOME" . ''; + + # Run this script to import all of the information exported by `export.sh`. + # Usage: import-gpg path/to/export.zip + import-gpg = writeShellScript "import-gpg" '' + set -euo pipefail + + if [ -z "''${1+x}" ]; then + echo "You must specify the path to export.zip. Exiting..." + exit 1 + fi + + PATH="${makeBinPath (with pkgs; [ busybox gnupg ])}" + destination="$(mktemp -d)" + + function cleanup() { + rm -rf "$destination" + } + trap cleanup EXIT + + unzip "$1" -d "$destination" >/dev/null + + gpg --import "$destination/public.asc" + gpg --import "$destination/secret.asc" + gpg --import-ownertrust "$destination/ownertrust.txt" + + # Run this at the end to output some verification + gpg --list-keys + gpg --list-secret-keys + ''; + + # Run this script to export all the information required to transport your GPG + # information to a zip file. + # Usage: export-gpg + export-gpg = writeShellScript "export-gpg" '' + set -euo pipefail + + PATH="${makeBinPath (with pkgs; [ busybox gnupg zip ])}" + output="$(pwd)/export.zip" + destination="$(mktemp -d)" + + function cleanup() { + rm -rf "$destination" + } + trap cleanup EXIT + + gpg --armor --export >"$destination/public.asc" + gpg --armor --export-secret-keys >"$destination/secret.asc" + gpg --armor --export-ownertrust >"$destination/ownertrust.txt" + + # Strangely enough this appears to be the only way to create a zip of a + # directory that doesn't contain the (noisy) full paths of each item from + # the source filesystem. (i.e. -j doesn't cooperate with -r). + pushd "$destination" + zip -r "$output" ./* + popd + + echo "$(realpath $output)" + ''; } |