{ config, lib, pkgs, ... }: with lib; let cfg = config.modules.software.tools.rbw; in { options.modules.software.tools.rbw = { enable = mkEnableOption "Enable rbw, a CLI Bitwarden frontend"; }; config = mkIf cfg.enable { hm.programs.rbw = { enable = true; settings.email = "reidlab325@gmail.com"; settings.lock_timeout = 60 * 60 * 24 * 7; # 1 week settings.pinentry = let secret-tool = "${pkgs.libsecret}/bin/secret-tool"; pinentry = "${lib.getExe pkgs.pinentry-qt}"; in pkgs.writeShellScriptBin "rbw-pinentry" '' set -euo pipefail echo 'OK' title="" prompt="" desc="" while IFS=' ' read -r command args ; do case "$command" in SETTITLE) title="$args" echo 'OK' ;; SETDESC) desc="$args" echo 'OK' ;; SETPROMPT) prompt="$args" echo 'OK' ;; GETPIN) if [[ "$prompt" == "Master Password" ]]; then set +e secret_value="$(${secret-tool} lookup application rbw type master_password)" err=$? set -e if [[ $err == 1 ]]; then cmd="SETTITLE rbw\n" cmd+="SETPROMPT Master Password\n" cmd+="SETDESC Please enter the master password\n" cmd+="GETPIN\n" secret_value="$(printf "$cmd" | ${pinentry} "$@" | grep -E "^D " | cut -c3-)" if [ -n "$secret_value" ]; then echo -n "$secret_value" | ${secret-tool} store --label="Master Password" application rbw type master_password >/dev/null 2>&1 fi fi printf 'D %s\n' "$secret_value" echo 'OK' else cmd="SETTITLE $title\n" cmd+="SETPROMPT $prompt\n" cmd+="SETDESC $desc\n" cmd+="GETPIN\n" secret_value="$(printf "$cmd" | ${pinentry} "$@" | grep -E "^D " | cut -c3-)" printf 'D %s\n' "$secret_value" echo 'OK' fi ;; BYE) exit ;; *) echo 'ERR Unknown command' ;; esac done ''; }; }; }