From 987cfbacae5b68ad60ca6adc8bfcf3c8f6800dc0 Mon Sep 17 00:00:00 2001
From: Evie Litherland-Smith
Date: Wed, 16 Oct 2024 07:52:52 +0100
Subject: [PATCH] Combine different pass scripts into single ensure-pass.sh Use password-store where possible to populate secret store without user interaction (currently only Proton still needs manual input) Add spotify to secret store ready for spotifyd
---
 system/home/calendar/default.nix | 31 ++++++++-------
 .../home/calendar/vdirsyncer-ensure-pass.sh | 5 ---
 system/home/email/default.nix | 1 -
 system/home/email/mbsync-ensure-pass.sh | 15 --------
 system/home/scripts/default.nix | 1 +
 system/home/scripts/shell/ensure-pass.sh | 38 +++++++++++++++++++
 6 files changed, 56 insertions(+), 35 deletions(-)
 delete mode 100644 system/home/calendar/vdirsyncer-ensure-pass.sh
 delete mode 100644 system/home/email/mbsync-ensure-pass.sh
 create mode 100644 system/home/scripts/shell/ensure-pass.sh
diff --git a/system/home/calendar/default.nix b/system/home/calendar/default.nix
index 436ec8e1..65bfb9a1 100644
--- a/system/home/calendar/default.nix
+++ b/system/home/calendar/default.nix
@@ -1,8 +1,5 @@
 { config, pkgs, ... }:
 {
- home.packages = [
- (pkgs.writeShellScriptBin "vdirsyncer-ensure-pass" (builtins.readFile ./vdirsyncer-ensure-pass.sh))
- ];
 programs = {
 vdirsyncer.enable = true;
 khal = {
@@ -34,17 +31,23 @@
 type = "filesystem";
 fileExt = ".ics";
 };
- remote = {
- url = "https://${url}";
- type = "caldav";
- userName = "pixelifytica";
- passwordCommand = [
- "${pkgs.libsecret}/bin/secret-tool"
- "lookup"
- "url"
- "${url}"
- ];
- };
+ remote =
+ let
+ userName = "pixelifytica";
+ in
+ {
+ inherit userName;
+ url = "https://${url}";
+ type = "caldav";
+ passwordCommand = [
+ "${pkgs.libsecret}/bin/secret-tool"
+ "lookup"
+ "url"
+ "${url}"
+ "user"
+ "${userName}"
+ ];
+ };
 vdirsyncer = {
 inherit (config.programs.vdirsyncer) enable;
 auth = "basic";
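Review bot: The `passwordCommand` lookup in the new `remote` block matches on both `url` and `user`, and the same attribute pair is written separately by `scripts/shell/ensure-pass.sh`, with nothing in either file recording that the two must agree. A keyring item created by the removed `vdirsyncer-ensure-pass` carries only the `url` attribute, so it will presumably no longer match this lookup and stays behind as an unused stored secret until it is removed by hand. A comment above `passwordCommand` would record the coupling, for example `# attributes must match the "Calendar" entry in scripts/shell/ensure-pass.sh`. The enclosing account definition starts and ends outside the hunk.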
diff --git a/system/home/calendar/vdirsyncer-ensure-pass.sh b/system/home/calendar/vdirsyncer-ensure-pass.sh
deleted file mode 100644
index 61a8ea1e..00000000
--- a/system/home/calendar/vdirsyncer-ensure-pass.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-URL="dav.xenia.me.uk"
-secret-tool lookup url "$URL" >/dev/null || (
- echo "Setup calendar password"
- secret-tool store --label="Personal calendar vdirsyncer" url "$URL"
-)
diff --git a/system/home/email/default.nix b/system/home/email/default.nix
index 812fbd55..6c3e4360 100644
--- a/system/home/email/default.nix
+++ b/system/home/email/default.nix
@@ -1,7 +1,6 @@
 { config, pkgs, ... }:
 {
 home.packages = [
- (pkgs.writeShellScriptBin "mbsync-ensure-pass" (builtins.readFile ./mbsync-ensure-pass.sh))
 (pkgs.writeShellScriptBin "davmail-setup" ''
 systemctl --user restart davmail # Ensure config file is present
 systemctl --user stop davmail
diff --git a/system/home/email/mbsync-ensure-pass.sh b/system/home/email/mbsync-ensure-pass.sh
deleted file mode 100644
index 71ac03f5..00000000
--- a/system/home/email/mbsync-ensure-pass.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-EMAIL_ADDRESSES=(
- e.litherlandsmith@proton.me
- e.litherlandsmith@icloud.com
- evie.litherland-smith@ukaea.uk
-)
-LABELS=("Proton" "iCloud" "Outlook")
-
-for i in "${!EMAIL_ADDRESSES[@]}"; do
- ADDRESS="${EMAIL_ADDRESSES[$i]}"
- LABEL="${LABELS[$i]}"
- secret-tool lookup email "$ADDRESS" >/dev/null || (
- echo "Setup $LABEL"
- secret-tool store --label="$LABEL mail mbsync" email "$ADDRESS"
- )
-done
diff --git a/system/home/scripts/default.nix b/system/home/scripts/default.nix
index 643ce69c..f6d1c212 100644
--- a/system/home/scripts/default.nix
+++ b/system/home/scripts/default.nix
@@ -1,6 +1,7 @@
 { pkgs, ... }:
 {
 home.packages = [
+ (pkgs.writeShellScriptBin "ensure-pass" (builtins.readFile ./shell/ensure-pass.sh))
 (pkgs.writeShellScriptBin "esync" (builtins.readFile ./shell/esync.sh))
 (pkgs.writeShellScriptBin "clean-config" (builtins.readFile ./shell/clean-config.sh))
 (pkgs.writeShellScriptBin "rsync-local-config" (builtins.readFile ./shell/rsync-local-config.sh))
diff --git a/system/home/scripts/shell/ensure-pass.sh b/system/home/scripts/shell/ensure-pass.sh
new file mode 100644
index 00000000..86bffcb8
--- /dev/null
+++ b/system/home/scripts/shell/ensure-pass.sh
@@ -0,0 +1,38 @@
+# Email
+ADDRESS="e.litherlandsmith@proton.me"
+secret-tool lookup email "$ADDRESS" >/dev/null || (
+ echo "Insert pass from protonmail-bridge"
+ secret-tool store --label="Proton Mail mbsync" email "$ADDRESS"
+)
+
+ADDRESS="e.litherlandsmith@icloud.com"
+secret-tool lookup email "$ADDRESS" >/dev/null || (
+ pass show identity/apple.com/mbsync |
+ head -n1 |
+ secret-tool store --label="iCloud mbsync" email "$ADDRESS"
+)
+
+ADDRESS="evie.litherland-smith@ukaea.uk"
+secret-tool lookup email "$ADDRESS" >/dev/null || (
+ pass show work/microsoftonline.com |
+ head -n1 |
+ secret-tool store --label="Outlook mbsync" email "$ADDRESS"
+)
+
+# Calendar
+URL="dav.xenia.me.uk"
+USER="pixelifytica"
+secret-tool lookup url "$URL" user "$USER" >/dev/null || (
+ pass show "server/xenia.me.uk/$URL" |
+ head -n1 |
+ secret-tool store --label="Personal calendar vdirsyncer" url "$URL" user "$USER"
+)
+
+# Spotify
+URL="spotify.com"
+USER="pixelifytica"
+secret-tool lookup url "$URL" user "$USER" >/dev/null || (
+ pass show media/spotify.com |
+ head -n1 |
+ secret-tool store --label="Spotify" url "$URL" user "$USER"
+)
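Review bot: `ensure-pass` is packaged with `writeShellScriptBin`, so the `secret-tool` and `pass` it runs are whatever the caller's PATH provides, while `calendar/default.nix` pins `${pkgs.libsecret}/bin/secret-tool` for the lookup side. For a script that copies credentials between stores, pinning both tools keeps it from picking up a different binary of the same name; `pkgs.writeShellApplication { name = "ensure-pass"; runtimeInputs = [ pkgs.libsecret pkgs.pass ]; text = builtins.readFile ./shell/ensure-pass.sh; }` would do that. `writeShellApplication` also enables `errexit`, `nounset` and `pipefail` and runs ShellCheck at build time, so the script may need small adjustments. The `home.packages` list continues outside the hunk.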
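Review bot: In each `pass show … | head -n1 | secret-tool store …` pipeline the store step still runs when `pass show` fails (missing entry, cancelled GPG prompt), so an empty secret can apparently end up in the keyring; the next run's `secret-tool lookup` would then succeed and the script would never repair the entry. Reading the entry first and storing only a non-empty value avoids this, and `printf '%s'` keeps the trailing newline out of the stored secret. Separately, `USER="pixelifytica"` in the Calendar and Spotify blocks reassigns the login-name environment variable, which is normally exported and so changes what `pass`, `gpg` and `secret-tool` see; a script-local name such as `ACCOUNT` avoids that.

```shell
# Copy the first line of a pass entry into the keyring.
# Stores nothing when pass fails or the entry is empty.
store_from_pass() {
    local entry="$1" label="$2" secret
    shift 2
    secret="$(pass show "$entry")" || return 1
    secret="${secret%%$'\n'*}"
    [ -n "$secret" ] || return 1
    printf '%s' "$secret" | secret-tool store --label="$label" "$@"
}

# … unchanged: Proton block (manual input) …

ADDRESS="e.litherlandsmith@icloud.com"
secret-tool lookup email "$ADDRESS" >/dev/null ||
    store_from_pass identity/apple.com/mbsync "iCloud mbsync" email "$ADDRESS"

# … Outlook block follows the same pattern …

URL="dav.xenia.me.uk"
ACCOUNT="pixelifytica"
secret-tool lookup url "$URL" user "$ACCOUNT" >/dev/null ||
    store_from_pass "server/xenia.me.uk/$URL" "Personal calendar vdirsyncer" url "$URL" user "$ACCOUNT"

# … Spotify block follows the same pattern …
```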