feat(wpcarro/configs): Define {import,export}-gpg in Nix
Note: Calling `export-gpg` (relying on the symlink to `__dispatch.sh`) hangs because it's prompting the user for the password to decrypt the secrets, but for some reason no prompt displays. When I call... ```shell $ nix-build /depot -A users.wpcarro.configs.export-gpg $ ./result ``` ...it WAIs. I need to debug this, but I'm committing the work for now because it's making my `magit-status` noisy. TODO(wpcarro): Merge and reconcile configs, dotfiles. Change-Id: I2b91323824cab37daa9d880cbb42f38e33ca10e1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4998 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
		
							parent
							
								
									186e87fe0f
								
							
						
					
					
						commit
						c734416314
					
				
					 4 changed files with 72 additions and 3 deletions
				
			
		|  | @ -12,6 +12,12 @@ case "${TARGET_TOOL}" in | |||
|   deploy-diogenes) | ||||
|     attr="users.wpcarro.nixos.deploy-diogenes" | ||||
|     ;; | ||||
|   import-gpg) | ||||
|     attr="users.wpcarro.configs.import-gpg" | ||||
|     ;; | ||||
|   export-gpg) | ||||
|     attr="users.wpcarro.configs.export-gpg" | ||||
|     ;; | ||||
|   *) | ||||
|     echo "The tool '${TARGET_TOOL}' is currently not installed in this repository." | ||||
|     exit 1 | ||||
|  |  | |||
							
								
								
									
									
								
							
							
						
						
									
										1
									
								
								users/wpcarro/bin/export-gpg
									
										
									
									
									
										Symbolic link
									
								
							|  | @ -0,0 +1 @@ | |||
| __dispatch.sh | ||||
							
								
								
									
									
								
							
							
						
						
									
										1
									
								
								users/wpcarro/bin/import-gpg
									
										
									
									
									
										Symbolic link
									
								
							|  | @ -0,0 +1 @@ | |||
| __dispatch.sh | ||||
|  | @ -1,11 +1,72 @@ | |||
| { pkgs, ... }: | ||||
| 
 | ||||
| { | ||||
|   install = pkgs.writeShellScript "install-configs" '' | ||||
| let | ||||
|   inherit (pkgs) writeShellScript; | ||||
|   inherit (pkgs.lib.strings) makeBinPath; | ||||
| in { | ||||
|   install = writeShellScript "install-configs" '' | ||||
|     cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --target="$HOME" . | ||||
|   ''; | ||||
| 
 | ||||
|   uninstall = pkgs.writeShellScript "uninstall-configs" '' | ||||
|   uninstall = writeShellScript "uninstall-configs" '' | ||||
|     cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --delete --target="$HOME" . | ||||
|   ''; | ||||
| 
 | ||||
|   # Run this script to import all of the information exported by `export.sh`. | ||||
|   # Usage: import-gpg path/to/export.zip | ||||
|   import-gpg = writeShellScript "import-gpg" '' | ||||
|     set -euo pipefail | ||||
| 
 | ||||
|     if [ -z "''${1+x}" ]; then | ||||
|       echo "You must specify the path to export.zip. Exiting..." | ||||
|       exit 1 | ||||
|     fi | ||||
| 
 | ||||
|     PATH="${makeBinPath (with pkgs; [ busybox gnupg ])}" | ||||
|     destination="$(mktemp -d)" | ||||
| 
 | ||||
|     function cleanup() { | ||||
|       rm -rf "$destination" | ||||
|     } | ||||
|     trap cleanup EXIT | ||||
| 
 | ||||
|     unzip "$1" -d "$destination" >/dev/null | ||||
| 
 | ||||
|     gpg --import "$destination/public.asc" | ||||
|     gpg --import "$destination/secret.asc" | ||||
|     gpg --import-ownertrust "$destination/ownertrust.txt" | ||||
| 
 | ||||
|     # Run this at the end to output some verification | ||||
|     gpg --list-keys | ||||
|     gpg --list-secret-keys | ||||
|   ''; | ||||
| 
 | ||||
|   # Run this script to export all the information required to transport your GPG | ||||
|   # information to a zip file. | ||||
|   # Usage: export-gpg | ||||
|   export-gpg = writeShellScript "export-gpg" '' | ||||
|     set -euo pipefail | ||||
| 
 | ||||
|     PATH="${makeBinPath (with pkgs; [ busybox gnupg zip ])}" | ||||
|     output="$(pwd)/export.zip" | ||||
|     destination="$(mktemp -d)" | ||||
| 
 | ||||
|     function cleanup() { | ||||
|       rm -rf "$destination" | ||||
|     } | ||||
|     trap cleanup EXIT | ||||
| 
 | ||||
|     gpg --armor --export >"$destination/public.asc" | ||||
|     gpg --armor --export-secret-keys >"$destination/secret.asc" | ||||
|     gpg --armor --export-ownertrust >"$destination/ownertrust.txt" | ||||
| 
 | ||||
|     # Strangely enough this appears to be the only way to create a zip of a | ||||
|     # directory that doesn't contain the (noisy) full paths of each item from | ||||
|     # the source filesystem. (i.e. -j doesn't cooperate with -r). | ||||
|     pushd "$destination" | ||||
|     zip -r "$output" ./* | ||||
|     popd | ||||
| 
 | ||||
|     echo "$(realpath $output)" | ||||
|   ''; | ||||
| } | ||||
|  |  | |||
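Review bot: `export-gpg` writes `export.zip`, which contains `secret.asc` from `gpg --armor --export-secret-keys`, into the current directory with permissions taken from the caller's umask, so under a common 022 umask other local users could presumably read the archive. Adding `umask 077` directly after `set -euo pipefail` in that script would keep the archive owner-only; the `mktemp -d` staging directory is already private. The archive itself is not encrypted, so the exported secret keys are protected only by whatever passphrase each key carries, and the comment above `export-gpg` should say so. The last line should also quote its expansion, `realpath "$output"`, because `$(pwd)` may contain spaces.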