feat(wpcarro/configs): Define {import,export}-gpg in Nix

Note: Calling `export-gpg` (relying on the symlink to `__dispatch.sh`) hangs
because it's prompting the user for the password to decrypt the secrets, but for
some reason no prompt displays. When I call...

```shell
$ nix-build /depot -A users.wpcarro.configs.export-gpg
$ ./result
```

...it WAIs. I need to debug this, but I'm committing the work for now because
it's making my `magit-status` noisy.

TODO(wpcarro): Merge and reconcile configs, dotfiles.

Change-Id: I2b91323824cab37daa9d880cbb42f38e33ca10e1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4998
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Tested-by: BuildkiteCI

users/wpcarro/bin/__dispatch.sh

@@ -12,6 +12,12 @@ case "${TARGET_TOOL}" in
   deploy-diogenes)
     attr="users.wpcarro.nixos.deploy-diogenes"
     ;;
+  import-gpg)
+    attr="users.wpcarro.configs.import-gpg"
+    ;;
+  export-gpg)
+    attr="users.wpcarro.configs.export-gpg"
+    ;;
   *)
     echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
     exit 1

users/wpcarro/bin/export-gpg

@@ -0,0 +1 @@
+__dispatch.sh

users/wpcarro/bin/import-gpg

@@ -0,0 +1 @@
+__dispatch.sh

users/wpcarro/configs/default.nix

@@ -1,11 +1,72 @@
 { pkgs, ... }:
 
-{
+let
-  install = pkgs.writeShellScript "install-configs" ''
+  inherit (pkgs) writeShellScript;
+  inherit (pkgs.lib.strings) makeBinPath;
+in {
+  install = writeShellScript "install-configs" ''
     cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --target="$HOME" .
   '';
 
-  uninstall = pkgs.writeShellScript "uninstall-configs" ''
+  uninstall = writeShellScript "uninstall-configs" ''
     cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --delete --target="$HOME" .
   '';
+
+  # Run this script to import all of the information exported by `export.sh`.
+  # Usage: import-gpg path/to/export.zip
+  import-gpg = writeShellScript "import-gpg" ''
+    set -euo pipefail
+
+    if [ -z "''${1+x}" ]; then
+      echo "You must specify the path to export.zip. Exiting..."
+      exit 1
+    fi
+
+    PATH="${makeBinPath (with pkgs; [ busybox gnupg ])}"
+    destination="$(mktemp -d)"
+
+    function cleanup() {
+      rm -rf "$destination"
+    }
+    trap cleanup EXIT
+
+    unzip "$1" -d "$destination" >/dev/null
+
+    gpg --import "$destination/public.asc"
+    gpg --import "$destination/secret.asc"
+    gpg --import-ownertrust "$destination/ownertrust.txt"
+
+    # Run this at the end to output some verification
+    gpg --list-keys
+    gpg --list-secret-keys
+  '';
+
+  # Run this script to export all the information required to transport your GPG
+  # information to a zip file.
+  # Usage: export-gpg
+  export-gpg = writeShellScript "export-gpg" ''
+    set -euo pipefail
+
+    PATH="${makeBinPath (with pkgs; [ busybox gnupg zip ])}"
+    output="$(pwd)/export.zip"
+    destination="$(mktemp -d)"
+
+    function cleanup() {
+      rm -rf "$destination"
+    }
+    trap cleanup EXIT
+
+    gpg --armor --export >"$destination/public.asc"
+    gpg --armor --export-secret-keys >"$destination/secret.asc"
+    gpg --armor --export-ownertrust >"$destination/ownertrust.txt"
+
+    # Strangely enough this appears to be the only way to create a zip of a
+    # directory that doesn't contain the (noisy) full paths of each item from
+    # the source filesystem. (i.e. -j doesn't cooperate with -r).
+    pushd "$destination"
+    zip -r "$output" ./*
+    popd
+
+    echo "$(realpath $output)"
+  '';
 }