nix-dotfiles/modules/software/tools/rbw.nix
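{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.modules.software.tools.rbw;
in {
  options.modules.software.tools.rbw = {
    enable = mkEnableOption "Enable rbw, a CLI Bitwarden frontend";
  };

  config = mkIf cfg.enable {
    hm.programs.rbw = {
      enable = true;
      settings.email = "reidlab325@gmail.com";
      # Seconds before rbw asks for the master password again.
      settings.lock_timeout = 60 * 60 * 24 * 7; # 1 week

      # Pinentry wrapper that answers "Master Password" prompts from the
      # Secret Service keyring (via secret-tool) and falls back to the Qt
      # pinentry when nothing is cached. Every other prompt is forwarded to
      # the Qt pinentry unchanged.
      #
      # Security trade-off: the master password is stored in the keyring
      # under the attributes `application rbw type master_password`, so its
      # protection is that of the unlocked keyring: any process in the user
      # session that can query it can read the vault password, and combined
      # with the wrapper the lock_timeout above no longer forces a re-entry.
      # A mistyped password is cached as well; remove it with
      #   secret-tool clear application rbw type master_password
      settings.pinentry = let
        secret-tool = "${pkgs.libsecret}/bin/secret-tool";
        pinentry = "${lib.getExe pkgs.pinentry-qt}";
      in pkgs.writeShellScriptBin "rbw-pinentry" ''
        set -euo pipefail

        # Greeting line; commands from the client follow on stdin.
        echo 'OK'

        title=""
        prompt=""
        desc=""

        while IFS=' ' read -r command args; do
          case "$command" in
            SETTITLE)
              title="$args"
              echo 'OK'
              ;;
            SETDESC)
              desc="$args"
              echo 'OK'
              ;;
            SETPROMPT)
              prompt="$args"
              echo 'OK'
              ;;
            GETPIN)
              secret_value=""
              if [[ "$prompt" == "Master Password" ]]; then
                # Capture the status without toggling errexit.
                lookup_status=0
                secret_value="$(${secret-tool} lookup application rbw type master_password)" ||
                  lookup_status=$?
                # Prompt on any lookup failure or empty result, not only on
                # exit status 1, so a keyring error never turns into an
                # empty password being handed to rbw.
                if [[ $lookup_status -ne 0 || -z "$secret_value" ]]; then
                  # Fields are passed as printf arguments, never as the
                  # format string.
                  if ! secret_value="$(
                    printf '%s\n' \
                      'SETTITLE rbw' \
                      'SETPROMPT Master Password' \
                      'SETDESC Please enter the master password' \
                      'GETPIN' |
                      ${pinentry} "$@" |
                      grep -E '^D ' |
                      cut -c3-
                  )"; then
                    # No D line came back (dialog cancelled or pinentry
                    # failed): report it instead of dying under errexit.
                    echo 'ERR 83886179 Operation cancelled'
                    continue
                  fi
                  if [[ -n "$secret_value" ]]; then
                    # printf instead of echo -n: a password starting with
                    # -n or -e must not be parsed as an echo option.
                    # Caching is best effort; a keyring failure must not
                    # abort the unlock. The value is stored exactly as
                    # pinentry returned it and replayed unchanged.
                    printf '%s' "$secret_value" |
                      ${secret-tool} store --label="Master Password" application rbw type master_password >/dev/null 2>&1 ||
                      true
                  fi
                fi
              else
                # The client's title/prompt/description are data: a literal
                # percent sign in them must not be read as a printf
                # conversion.
                if ! secret_value="$(
                  printf '%s\n' \
                    "SETTITLE $title" \
                    "SETPROMPT $prompt" \
                    "SETDESC $desc" \
                    'GETPIN' |
                    ${pinentry} "$@" |
                    grep -E '^D ' |
                    cut -c3-
                )"; then
                  echo 'ERR 83886179 Operation cancelled'
                  continue
                fi
              fi
              printf 'D %s\n' "$secret_value"
              echo 'OK'
              ;;
            BYE)
              exit
              ;;
            *)
              echo 'ERR Unknown command'
              ;;
          esac
        done
      '';
    };
  };
}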