pkgs: add bw-pass
Until `rbw` gets support for Yubikey 2FA, I still need a decent way to query for my passwords on the command line... This wrapper program should be good enough for basic usage with programs that need a password command.
This commit is contained in:
parent
f2b20c65a8
commit
8a8f7387f4
74
pkgs/bw-pass/bw-pass
Executable file
74
pkgs/bw-pass/bw-pass
Executable file
|
@ -0,0 +1,74 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
AUTO_LOCK=900 # 15min timeout by default
|
||||||
|
|
||||||
|
usage() {
|
||||||
|
printf '%s\n' "Usage: bw-pass [directory name] <account name>" >&2
|
||||||
|
}
|
||||||
|
|
||||||
|
prompt_pass() {
|
||||||
|
rofi -dmenu -password -no-fixed-num-lines -p "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
error_out() {
|
||||||
|
rofi -dmenu -no-fixed-num-lines -p "$1"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
login() {
|
||||||
|
local PASSWORD
|
||||||
|
PASSWORD="$(prompt_pass "Password")" || error_out "Cannot prompt password"
|
||||||
|
export BW_SESSION
|
||||||
|
BW_SESSION="$(bw unlock "$PASSWORD" --raw)" || error_out "Cannot unlock"
|
||||||
|
}
|
||||||
|
|
||||||
|
ensure_logged_in() {
|
||||||
|
# Use the same keyring as bitwarden-rofi for this
|
||||||
|
|
||||||
|
local KEY_ID
|
||||||
|
keyctl link @u @s
|
||||||
|
if ! KEY_ID="$(keyctl request user bw_session 2>/dev/null)"; then
|
||||||
|
login
|
||||||
|
KEY_ID="$(keyctl add user bw_session "$BW_SESSION" @u)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$AUTO_LOCK" -gt 0 ]; then
|
||||||
|
keyctl timeout "$KEY_ID" "$AUTO_LOCK"
|
||||||
|
fi
|
||||||
|
export BW_SESSION
|
||||||
|
BW_SESSION="$(keyctl pipe "$KEY_ID")"
|
||||||
|
keyctl unlink @u @s
|
||||||
|
}
|
||||||
|
|
||||||
|
query_password() {
|
||||||
|
# Either use with `query_password <directory> <account name>
|
||||||
|
# Or `query_password <account name>` when the account has no directory
|
||||||
|
|
||||||
|
local FOLDER_ID
|
||||||
|
local PASSWORD
|
||||||
|
|
||||||
|
if [ $# -eq 2 ]; then
|
||||||
|
FOLDER_ID="$(bw list folders |
|
||||||
|
jq '.[] | select(.name == "'"$1"'") | .id' |
|
||||||
|
cut -d'"' -f2)"
|
||||||
|
shift
|
||||||
|
else
|
||||||
|
FOLDER_ID=null
|
||||||
|
fi
|
||||||
|
PASSWORD="$(bw list items --folderid "$FOLDER_ID" |
|
||||||
|
jq '.[] | select(.name == "'"$1"'") | .login.password' |
|
||||||
|
cut -d'"' -f2)"
|
||||||
|
|
||||||
|
if [ -z "$PASSWORD" ]; then
|
||||||
|
error_out "Did not find password for '$1'"
|
||||||
|
fi
|
||||||
|
printf '%s\n' "$PASSWORD"
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
ensure_logged_in
|
||||||
|
query_password "$@"
|
45
pkgs/bw-pass/default.nix
Normal file
45
pkgs/bw-pass/default.nix
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
{ bitwarden-cli, coreutils, jq, keyutils, lib, makeWrapper, rofi, shellcheck, stdenvNoCC }:
|
||||||
|
stdenvNoCC.mkDerivation rec {
|
||||||
|
pname = "bw-pass";
|
||||||
|
version = "0.1.0";
|
||||||
|
|
||||||
|
src = ./bw-pass;
|
||||||
|
|
||||||
|
phases = [ "buildPhase" "installPhase" "fixupPhase" ];
|
||||||
|
|
||||||
|
buildInputs = [
|
||||||
|
makeWrapper
|
||||||
|
shellcheck
|
||||||
|
];
|
||||||
|
|
||||||
|
buildPhase = ''
|
||||||
|
shellcheck $src
|
||||||
|
'';
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
cp $src $out/bin/${pname}
|
||||||
|
chmod a+x $out/bin/${pname}
|
||||||
|
'';
|
||||||
|
|
||||||
|
wrapperPath = lib.makeBinPath [
|
||||||
|
bitwarden-cli
|
||||||
|
coreutils
|
||||||
|
jq
|
||||||
|
keyutils
|
||||||
|
rofi
|
||||||
|
];
|
||||||
|
|
||||||
|
fixupPhase = ''
|
||||||
|
patchShebangs $out/bin/${pname}
|
||||||
|
wrapProgram $out/bin/${pname} --prefix PATH : "${wrapperPath}"
|
||||||
|
'';
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "A simple script to query a password from bitwarden";
|
||||||
|
homepage = "https://gitea.belanyi.fr/ambroisie/nix-config";
|
||||||
|
license = with licenses; [ mit ];
|
||||||
|
platforms = platforms.unix;
|
||||||
|
maintainers = with maintainers; [ ambroisie ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,5 +1,7 @@
|
||||||
{ pkgs }:
|
{ pkgs }:
|
||||||
rec {
|
rec {
|
||||||
|
bw-pass = pkgs.callPackage ./bw-pass { };
|
||||||
|
|
||||||
comma = pkgs.callPackage ./comma { };
|
comma = pkgs.callPackage ./comma { };
|
||||||
|
|
||||||
diff-flake = pkgs.callPackage ./diff-flake { };
|
diff-flake = pkgs.callPackage ./diff-flake { };
|
||||||
|
|
Loading…
Reference in a new issue