From 8a8f7387f4b27de0ae174e2e6a1f7792b6287a8c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 21 May 2021 23:46:07 +0200 Subject: [PATCH] pkgs: add bw-pass Until `rbw` gets support for Yubikey 2FA, I still need a decent way to query for my passwords on the command line... This wrapper program should be good enough for basic usage with programs that need a password command. --- pkgs/bw-pass/bw-pass | 74 ++++++++++++++++++++++++++++++++++++++++ pkgs/bw-pass/default.nix | 45 ++++++++++++++++++++++++ pkgs/default.nix | 2 ++ 3 files changed, 121 insertions(+) create mode 100755 pkgs/bw-pass/bw-pass create mode 100644 pkgs/bw-pass/default.nix diff --git a/pkgs/bw-pass/bw-pass b/pkgs/bw-pass/bw-pass new file mode 100755 index 0000000..16c931e --- /dev/null +++ b/pkgs/bw-pass/bw-pass @@ -0,0 +1,74 @@ +#!/usr/bin/env bash + +AUTO_LOCK=900 # 15min timeout by default + +usage() { + printf '%s\n' "Usage: bw-pass [directory name] " >&2 +} + +prompt_pass() { + rofi -dmenu -password -no-fixed-num-lines -p "$1" +} + +error_out() { + rofi -dmenu -no-fixed-num-lines -p "$1" + exit 1 +} + +login() { + local PASSWORD + PASSWORD="$(prompt_pass "Password")" || error_out "Cannot prompt password" + export BW_SESSION + BW_SESSION="$(bw unlock "$PASSWORD" --raw)" || error_out "Cannot unlock" +} + +ensure_logged_in() { + # Use the same keyring as bitwarden-rofi for this + + local KEY_ID + keyctl link @u @s + if ! KEY_ID="$(keyctl request user bw_session 2>/dev/null)"; then + login + KEY_ID="$(keyctl add user bw_session "$BW_SESSION" @u)" + fi + + if [ "$AUTO_LOCK" -gt 0 ]; then + keyctl timeout "$KEY_ID" "$AUTO_LOCK" + fi + export BW_SESSION + BW_SESSION="$(keyctl pipe "$KEY_ID")" + keyctl unlink @u @s +} + +query_password() { + # Either use with `query_password + # Or `query_password ` when the account has no directory + + local FOLDER_ID + local PASSWORD + + if [ $# -eq 2 ]; then + FOLDER_ID="$(bw list folders | + jq '.[] | select(.name == "'"$1"'") | .id' | + cut -d'"' -f2)" + shift + else + FOLDER_ID=null + fi + PASSWORD="$(bw list items --folderid "$FOLDER_ID" | + jq '.[] | select(.name == "'"$1"'") | .login.password' | + cut -d'"' -f2)" + + if [ -z "$PASSWORD" ]; then + error_out "Did not find password for '$1'" + fi + printf '%s\n' "$PASSWORD" +} + +if [ $# -lt 1 ] || [ $# -gt 2 ]; then + usage + exit 1 +fi + +ensure_logged_in +query_password "$@" diff --git a/pkgs/bw-pass/default.nix b/pkgs/bw-pass/default.nix new file mode 100644 index 0000000..a5297d5 --- /dev/null +++ b/pkgs/bw-pass/default.nix @@ -0,0 +1,45 @@ +{ bitwarden-cli, coreutils, jq, keyutils, lib, makeWrapper, rofi, shellcheck, stdenvNoCC }: +stdenvNoCC.mkDerivation rec { + pname = "bw-pass"; + version = "0.1.0"; + + src = ./bw-pass; + + phases = [ "buildPhase" "installPhase" "fixupPhase" ]; + + buildInputs = [ + makeWrapper + shellcheck + ]; + + buildPhase = '' + shellcheck $src + ''; + + installPhase = '' + mkdir -p $out/bin + cp $src $out/bin/${pname} + chmod a+x $out/bin/${pname} + ''; + + wrapperPath = lib.makeBinPath [ + bitwarden-cli + coreutils + jq + keyutils + rofi + ]; + + fixupPhase = '' + patchShebangs $out/bin/${pname} + wrapProgram $out/bin/${pname} --prefix PATH : "${wrapperPath}" + ''; + + meta = with lib; { + description = "A simple script to query a password from bitwarden"; + homepage = "https://gitea.belanyi.fr/ambroisie/nix-config"; + license = with licenses; [ mit ]; + platforms = platforms.unix; + maintainers = with maintainers; [ ambroisie ]; + }; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 58e65cd..197acfb 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,7 @@ { pkgs }: rec { + bw-pass = pkgs.callPackage ./bw-pass { }; + comma = pkgs.callPackage ./comma { }; diff-flake = pkgs.callPackage ./diff-flake { };