
972f8b43dfaa74195e6aa7b8384e8fff861a1acf — Dmitry Bogatov 11 months ago 93da02b
New script: "ssh-env"

This script runs a command under trezor-agent with all identities loaded,
which is convenient for git-push, for example.
M flake.nix => flake.nix +2 -0
@@ 115,10 115,12 @@
              inherit drv rules buildInputs postBuild;
            };
          srht-ui = call ./universe/srht-ui;
          ssh-env = call ./universe/ssh-env;

          system-wide = callPackage ./system-v2 { };
          tempfile = pkgs.pkgsStatic.callPackage ./universe/tempfile { };
          uenv = call ./universe/uenv;
          universe-key = call ./universe/universe-key;

          # This one requires secret key.
          universe-full = import ./universe {

M universe/default.nix => universe/default.nix +1 -0
@@ 83,6 83,7 @@ let
    ] ++ optionals use-hardware-token [
      python3.pkgs.trezor
      python3.pkgs.trezor_agent
      ssh-env
    ];
  };
in drv.overrideAttrs (_: { disallowedRequisites = banished; })

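--- /dev/null
+++ b/universe/ssh-env/default.nix
@@ -0,0 +1,18 @@
+{ stdenv, python3, enchive, execline, writeScriptBin, runCommand, universe-key
+}:
+let
+  identity-file = stdenv.mkDerivation {
+    name = "identity.txt";
+    src = ./identity.txt.enchive;
+    nativeBuildInputs = [ enchive ];
+    key = universe-key;
+    phases = [ "installPhase" ];
+    installPhase = ''
+      enchive -s $key/key.sec extract < $src > $out
+    '';
+  };
+in writeScriptBin "ssh-env" ''
+  #!${execline}/bin/execlineb -WS0
+  ${python3.pkgs.trezor_agent}/bin/trezor-agent -e ed25519 ${identity-file} -- $@
+''
+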
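Review bot: The `installPhase` of `identity-file` writes the plaintext of identity.txt.enchive to `$out`, so the decrypted identity list lands in the world-readable Nix store of every host that builds or substitutes this derivation; the enchive encryption only protects the copy in the repository, and the `$key/key.sec` it reads is itself a store path. If the file holds nothing more sensitive than the identity strings trezor-agent needs, that may be acceptable, but it should be stated next to the derivation, e.g. `# NOTE: the decrypted identity list is stored world-readable in /nix/store; keep only non-secret identities in identity.txt.enchive`. Separately, `runCommand` is taken in the argument set on the first line but never used and can be dropped.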
A universe/ssh-env/identity.txt.enchive => universe/ssh-env/identity.txt.enchive +0 -0
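--- /dev/null
+++ b/universe/universe-key/default.nix
@@ -0,0 +1,12 @@
+{ runCommand, requireFile }:
+let public = ./universe.pub;
+    private =  requireFile {
+      name = "universe.sec";
+      sha256 = "4fb0ac712197b23ef4d4ba00f312d3b574f658b4e9cb698bd6755ede62ad5b04";
+      message = "This file is required to build universe-full.";
+    };
+in runCommand "universe-key" { inherit public private; } ''
+  mkdir $out
+  cp $public  $out/key.pub
+  cp $private $out/key.sec
+''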
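Review bot: `cp $private $out/key.sec` copies the universe secret key into the Nix store, where the output is readable by every user on the host and by anything the store is shared with (`nix copy`, binary-cache pushes); `requireFile` only gates whether the build can start, it does not protect the key once built, and the `requireFile` path itself is already a store path once imported. If this exposure is intended for a single-user machine, a comment on the `runCommand` call should make the trade-off explicit, e.g. `# key.sec is world-readable in /nix/store once built; never push this output to a cache`. If it is not intended, the consumer (the `identity-file` decrypt step elsewhere in this commit) should read the key from a path outside the store at run time rather than at build time.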
A universe/universe-key/universe.pub => universe/universe-key/universe.pub +1 -0
@@ 0,0 1,1 @@
�#Y�F򗂚N�6���"eD�y�Ԩ��a�	
\ No newline at end of file