My NixOs configuration files. Only used for my self-hosted infra at the moment.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

101 lines
2.3 KiB

#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bitwarden-cli git gnupg jq nixFlakes
# Command failure is script failure
set -e
BOLD_RED="\e[0;1;31m"
BOLD_BLUE="\e[0;1;34m"
BOLD_GREEN="\e[0;1;32m"
RESET="\e[0m"
DEST="$HOME/.config/nixpkgs"
BW_SESSION=""
warn() {
echo -e "${BOLD_RED}$1${RESET}"
}
info() {
echo -e "${BOLD_BLUE}$1${RESET}"
}
success() {
echo -e "${BOLD_GREEN}$1${RESET}"
}
set_perm() {
# $1: destination
# $2: permissions
chmod "$2" "$1" && success "--> Set permission of $1 to $2"
}
get_doc() {
# $1: name of folder which contains the wanted document
# $2: name of the document
# $3: destination
# $4: permissions
local FOLDER_ID
local NOTES
FOLDER_ID="$(bw list folders |
jq '.[] | select(.name == "'"$1"'") | .id' |
cut -d'"' -f2)"
NOTES="$(bw list items --folderid "$FOLDER_ID" |
jq '.[] | select(.name == "'"$2"'") | .notes' |
cut -d'"' -f2)"
printf "%b" "$NOTES" > "$3"
set_perm "$3" "$4"
}
get_ssh() {
mkdir -p "$HOME/.ssh" && info "-> Creating .ssh folder."
chmod 700 "$HOME/.ssh" && info "--> Modifying permissions of .ssh folder."
get_doc "SysAdmin/SSH" "shared-key-public" "$HOME/.ssh/shared_rsa.pub" 644
get_doc "SysAdmin/SSH" "shared-key-private" "$HOME/.ssh/shared_rsa" 600
get_doc "SysAdmin/SSH" "agenix-public" "$HOME/.ssh/id_ed25519.pub" 644
get_doc "SysAdmin/SSH" "agenix-private" "$HOME/.ssh/id_ed25519" 600
}
get_pgp() {
local KEY
KEY=key.asc
get_doc "SysAdmin/PGP" "pgp-key-private" "$KEY" 644
gpg \
--pinentry-mode loopback \
--import "$KEY"
printf '5\ny\n' |
gpg \
--command-fd 0 \
--pinentry-mode loopback \
--edit-key 'Bruno BELANYI' \
trust
rm "$KEY"
}
get_creds() {
BW_SESSION="$(bw login --raw || bw unlock --raw)"
export BW_SESSION
get_ssh
get_pgp
}
setup_gpg() {
info 'Setting up loopback pinentry for GnuPG'
echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
info 'Signing dummy message to ensure GnuPG key is usable by `git-crypt`'
echo whatever | gpg --clearsign --armor --pinentry loopback --output /dev/null
}
[ -z "$NOCREDS" ] && get_creds
[ -z "$NOGPG" ] && setup_gpg
nix --experimental-features 'nix-command flakes' develop