feat(wpcarro/configs): Define {import,export}-gpg in Nix
Note: Calling `export-gpg` (relying on the symlink to `__dispatch.sh`) hangs because it's prompting the user for the password to decrypt the secrets, but for some reason no prompt displays. When I call... ```shell $ nix-build /depot -A users.wpcarro.configs.export-gpg $ ./result ``` ...it works as intended. I need to debug this, but I'm committing the work for now because it's making my `magit-status` noisy. TODO(wpcarro): Merge and reconcile configs, dotfiles. Change-Id: I2b91323824cab37daa9d880cbb42f38e33ca10e1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4998 Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI
This commit is contained in:
parent
186e87fe0f
commit
c734416314
4 changed files with 72 additions and 3 deletions
|
@ -12,6 +12,12 @@ case "${TARGET_TOOL}" in
|
||||||
deploy-diogenes)
|
deploy-diogenes)
|
||||||
attr="users.wpcarro.nixos.deploy-diogenes"
|
attr="users.wpcarro.nixos.deploy-diogenes"
|
||||||
;;
|
;;
|
||||||
|
import-gpg)
|
||||||
|
attr="users.wpcarro.configs.import-gpg"
|
||||||
|
;;
|
||||||
|
export-gpg)
|
||||||
|
attr="users.wpcarro.configs.export-gpg"
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
|
echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
|
||||||
exit 1
|
exit 1
|
||||||
|
|
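--- a/users/wpcarro/bin/export-gpg
+++ b/users/wpcarro/bin/export-gpg
@@ -0,0 +1 @@
+__dispatch.sh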
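--- a/users/wpcarro/bin/import-gpg
+++ b/users/wpcarro/bin/import-gpg
@@ -0,0 +1 @@
+__dispatch.sh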
|
@ -1,11 +1,72 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
install = pkgs.writeShellScript "install-configs" ''
|
inherit (pkgs) writeShellScript;
|
||||||
|
inherit (pkgs.lib.strings) makeBinPath;
|
||||||
|
in {
|
||||||
|
install = writeShellScript "install-configs" ''
|
||||||
cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --target="$HOME" .
|
cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --target="$HOME" .
|
||||||
'';
|
'';
|
||||||
|
|
||||||
uninstall = pkgs.writeShellScript "uninstall-configs" ''
|
uninstall = writeShellScript "uninstall-configs" ''
|
||||||
cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --delete --target="$HOME" .
|
cd "$WPCARRO/configs" && ${pkgs.stow}/bin/stow --delete --target="$HOME" .
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# Run this script to import all of the information exported by `export.sh`.
|
||||||
|
# Usage: import-gpg path/to/export.zip
|
||||||
|
import-gpg = writeShellScript "import-gpg" ''
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
if [ -z "''${1+x}" ]; then
|
||||||
|
echo "You must specify the path to export.zip. Exiting..."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
PATH="${makeBinPath (with pkgs; [ busybox gnupg ])}"
|
||||||
|
destination="$(mktemp -d)"
|
||||||
|
|
||||||
|
function cleanup() {
|
||||||
|
rm -rf "$destination"
|
||||||
|
}
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
unzip "$1" -d "$destination" >/dev/null
|
||||||
|
|
||||||
|
gpg --import "$destination/public.asc"
|
||||||
|
gpg --import "$destination/secret.asc"
|
||||||
|
gpg --import-ownertrust "$destination/ownertrust.txt"
|
||||||
|
|
||||||
|
# Run this at the end to output some verification
|
||||||
|
gpg --list-keys
|
||||||
|
gpg --list-secret-keys
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Run this script to export all the information required to transport your GPG
|
||||||
|
# information to a zip file.
|
||||||
|
# Usage: export-gpg
|
||||||
|
export-gpg = writeShellScript "export-gpg" ''
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
PATH="${makeBinPath (with pkgs; [ busybox gnupg zip ])}"
|
||||||
|
output="$(pwd)/export.zip"
|
||||||
|
destination="$(mktemp -d)"
|
||||||
|
|
||||||
|
function cleanup() {
|
||||||
|
rm -rf "$destination"
|
||||||
|
}
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
gpg --armor --export >"$destination/public.asc"
|
||||||
|
gpg --armor --export-secret-keys >"$destination/secret.asc"
|
||||||
|
gpg --armor --export-ownertrust >"$destination/ownertrust.txt"
|
||||||
|
|
||||||
|
# Strangely enough this appears to be the only way to create a zip of a
|
||||||
|
# directory that doesn't contain the (noisy) full paths of each item from
|
||||||
|
# the source filesystem. (i.e. -j doesn't cooperate with -r).
|
||||||
|
pushd "$destination"
|
||||||
|
zip -r "$output" ./*
|
||||||
|
popd
|
||||||
|
|
||||||
|
echo "$(realpath $output)"
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
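Review bot: In `export-gpg`, the archive holding the exported secret keys (`gpg --armor --export-secret-keys >"$destination/secret.asc"`) is written to `$(pwd)/export.zip` under the caller's default umask, so it is typically created world-readable; add `umask 077` before `output="$(pwd)/export.zip"` so both the temp files and the zip are owner-only. The final `echo "$(realpath $output)"` leaves `$output` unquoted, which word-splits when the working directory contains spaces — `realpath -- "$output"` does the same job without the subshell, and `pushd`/`popd` also print to stdout, so redirect them to `/dev/null` if the printed path is meant to be the script's only output. The `cleanup` function in both `import-gpg` and `export-gpg` would be safer as `rm -rf "''${destination:?}"` (using the `''${` escape the file already uses for `''${1+x}`) so an empty variable can never become `rm -rf ""`. On the hang described in the commit message: `--export-secret-keys` needs gpg-agent to reach a pinentry, which presumably depends on the dispatcher handing the terminal through — that is outside what this hunk shows.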