Moved passwords to keepassxc

aftix · May 15, 2024 · 9a4c247 · 9a4c247
1 parent 66c9564
commit 9a4c247
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 303 deletions.
diff --git a/flake.nix b/flake.nix
@@ -84,7 +84,6 @@
         config.allowUnfreePredicate = pkg:
           builtins.elem (nixpkgs.lib.getName pkg) [
             "discord"
-            "vault"
             "nordvpn"
             "pay-by-privacy"
           ];

diff --git a/home/aftix.nix b/home/aftix.nix
@@ -18,7 +18,6 @@ in {
     ./opt/development.nix
     ./opt/helix.nix
     ./opt/neoutils.nix
-    ./opt/vault.nix
 
     ./opt/chromium.nix
     ./opt/firefox.nix
@@ -93,6 +92,10 @@ in {
     Install.WantedBy = ["default.target"];
   };
 
+  home.persistence.${config.my.impermanence.path}.directories = [
+    ".config/keepassxc"
+  ];
+
   my = {
     shell.elvish.enable = true;
     docs = {

diff --git a/home/opt/firefox.nix b/home/opt/firefox.nix
@@ -60,6 +60,7 @@ in {
         multi-account-containers
         clearurls
         darkreader
+        keepassxc-browser
         privacy-badger
         privacy-possum
         pay-by-privacy

diff --git a/home/opt/hypr.nix b/home/opt/hypr.nix
@@ -47,28 +47,6 @@ in {
   config = {
     nixpkgs.overlays = [
       (_: prev: {
-        passmenu = prev.writeScriptBin "passmenu" ''
-          #!${prev.bash}/bin/bash
-          export PATH="${prev.wl-clipboard}/bin:${prev.jq}/bin:${prev.sops}/bin:$PATH"
-          export PATH="${prev.libnotify}/bin:${prev.tofi}/bin:${prev.systemd}/bin:$PATH"
-          shopt -s globstar nullglob
-          source <(systemctl --user show-environment | grep -v PATH=)
-
-          pushd "$HOME/src/cfg" &>/dev/null || exit 1
-
-          password="$(sops exec-file --output-type json ./home/secrets.yaml \
-            "cat '{}' | jq -r 'to_entries[] | select(.key != \"private_keys\") | .key'" |\
-            tofi --prompt-text "Password")"
-          [[ -n "$password" ]] || exit
-
-          sops exec-file --output-type json ./home/secrets.yaml \
-            "cat '{}' | jq -r '.\"$password\".password? // .\"$password\"'" |\
-            tr -d '\n' | wl-copy -n --paste-once
-
-          notify-send "Hyprland" "Copied password '$password' into clipboard."
-          popd &>/dev/null || exit
-        '';
-
         screenshot = prev.writeScriptBin "screenshot" ''
           #!${prev.bash}/bin/bash
           export PATH="${prev.wl-clipboard}/bin:${prev.grim}/bin:${prev.slurp}/bin:$PATH"
@@ -168,9 +146,9 @@ in {
         xdotool
         kdePackages.polkit-kde-agent-1
         pwvucontrol
+        keepassxc
 
         screenshot
-        passmenu
         zenith-popup
       ];
 
@@ -380,7 +358,7 @@ in {
             "$mainMod, grave, hyprexpo:expo, toggle"
 
             # Misc keybinds
-            "$mainMod, P, exec, ${pkgs.passmenu}/bin/passmenu"
+            "$mainMod, P, exec, keepassxc"
             "$mainMod, S, exec, ${pkgs.screenshot}/bin/screenshot"
             "$mainMod SHIFT, S, exec, [float;group barred deny] ${pkgs.zenith-popup}/bin/zenith-popup $terminal"
             "$mainMod, C, exec, ${pkgs.clipman}/bin/clipman pick --tool CUSTOM -T ${pkgs.tofi}/bin/tofi"

diff --git a/home/opt/sops.nix b/home/opt/sops.nix
@@ -1,64 +1,15 @@
 {
-  pkgs,
   config,
-  lib,
   sops-nix,
   ...
 }: let
-  inherit (lib.strings) escapeShellArg;
   keyFile = config.home.homeDirectory + "/.local/persist/.config/sops/age/keys.txt";
 in {
-  nixpkgs.overlays = [
-    (_: prev: {
-      add-passwd = prev.writeScriptBin "add-passwd" ''
-        #!${prev.bash}/bin/bash
-        export PATH="${prev.jq}/bin:${prev.sops}/bin:$PATH"
-        export SOPS_AGE_KEY_FILE=${escapeShellArg keyFile}
-
-        echo "Inserting password for $1"
-        [[ -n "$2" ]] && echo "Username is $2"
-
-        if [[ -z "$1" ]]; then
-          echo "Requires argument to set password name" 2>&1
-          exit 1
-        fi
-
-        pushd ${escapeShellArg config.home.homeDirectory}/src/cfg &>/dev/null || exit 1
-
-        value="$(sops exec-file --output-type json ./home/secrets.yaml "cat '{}' | jq -r '.\"$1\"' ")"
-        if [[ "$value" != "null" ]]; then
-          read -p "Warning: password '$1' exists. Overwrite? (y/N) " CHOICE
-          if [[ "$CHOICE" != "y" && "$CHOICE" != "Y" ]]; then
-            echo "Exiting."
-            exit 0
-          fi
-        fi
-
-        read -rsp "Type password: " PASS
-        echo ""
-        read -rsp "Retype password: " PASS_CHECK
-        if [[ "$PASS" != "$PASS_CHECK" ]]; then
-          echo "Error: passwords did not match, exiting" 2>&1
-          exit 1
-        fi
-
-        if [[ -n "$2" ]]; then
-          sops --set '["$1"] {"password": "$PASS", "username": "$2"}' ./home/secrets.yaml
-        else
-          sops --set '["$1"] "$PASS"' ./home/secrets.yaml
-        fi
-
-        popd &>/dev/null || exit
-      '';
-    })
-  ];
   imports = [sops-nix];
 
   sops = {
     defaultSopsFile = ../secrets.yaml;
 
     age = {inherit keyFile;};
   };
-
-  home.packages = [pkgs.add-passwd];
 }
diff --git a/home/opt/vault.nix b/home/opt/vault.nix