diff --git a/modules/software/tools/rbw.nix b/modules/software/tools/rbw.nix
index 84b96c1..560b841 100644
--- a/modules/software/tools/rbw.nix
+++ b/modules/software/tools/rbw.nix
@@ -13,7 +13,73 @@ in {
 enable = true;
 settings.email = "reidlab325@gmail.com";
 settings.lock_timeout = 60 * 60 * 24 * 7; # 1 week
- settings.pinentry = pkgs.pinentry-qt;
+ settings.pinentry = let
+ secret-tool = "${pkgs.libsecret}/bin/secret-tool";
+ pinentry = "${lib.getExe pkgs.pinentry-qt}";
+ in pkgs.writeShellScriptBin "rbw-pinentry" ''
+ set -euo pipefail
+
+ echo 'OK'
+
+ title=""
+ prompt=""
+ desc=""
+
+ while IFS=' ' read -r command args ; do
+ case "$command" in
+ SETTITLE)
+ title="$args"
+ echo 'OK'
+ ;;
+ SETDESC)
+ desc="$args"
+ echo 'OK'
+ ;;
+ SETPROMPT)
+ prompt="$args"
+ echo 'OK'
+ ;;
+ GETPIN)
+ if [[ "$prompt" == "Master Password" ]]; then
+ set +e
+ secret_value="$(${secret-tool} lookup application rbw type master_password)"
+ err=$?
+ set -e
+
+ if [[ $err == 1 ]]; then
+ cmd="SETTITLE rbw\n"
+ cmd+="SETPROMPT Master Password\n"
+ cmd+="SETDESC Please enter the master password\n"
+ cmd+="GETPIN\n"
+ secret_value="$(printf "$cmd" | ${pinentry} "$@" | grep -E "^D " | cut -c3-)"
+ if [ -n "$secret_value" ]; then
+ echo -n "$secret_value" | ${secret-tool} store --label="Master Password" application rbw type master_password >/dev/null 2>&1
+ fi
+ fi
+
+ printf 'D %s\n' "$secret_value"
+ echo 'OK'
+ else
+ cmd="SETTITLE $title\n"
+ cmd+="SETPROMPT $prompt\n"
+ cmd+="SETDESC $desc\n"
+ cmd+="GETPIN\n"
+
+ secret_value="$(printf "$cmd" | ${pinentry} "$@" | grep -E "^D " | cut -c3-)"
+
+ printf 'D %s\n' "$secret_value"
+ echo 'OK'
+ fi
+ ;;
+ BYE)
+ exit
+ ;;
+ *)
+ echo 'ERR Unknown command'
+ ;;
+ esac
+ done
+ '';
 };
 };
 }
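Review bot: In the GETPIN arm, `printf "$cmd"` uses text received from the client (`$title`, `$prompt`, `$desc`) as the printf format string, so any `%` or backslash in it is interpreted rather than forwarded; Assuan arguments are percent-escaped, so a description carrying an escape such as `%0A` would be rewritten or rejected before it reaches the real pinentry. Pass the values as arguments instead: `printf 'SETTITLE %s\nSETPROMPT %s\nSETDESC %s\nGETPIN\n' "$title" "$prompt" "$desc" | ${pinentry} "$@"`. Separately, the master-password branch stores whatever was typed into the keyring before rbw has verified it and nothing in the script ever clears that entry, so a mistyped password would be replayed on every later GETPIN; and because only exit status 1 from `secret-tool lookup` triggers the prompt, any other lookup failure answers with an empty `D` line. A cancelled dialog also looks likely to end the wrapper without an `ERR` reply, since `grep` finding no `D ` line fails the pipeline under `pipefail` once `set -e` is back on. The surrounding attribute set opens above the hunk; the script itself is fully visible.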