Thomas Dy 5 жил өмнө
parent
commit
d6b50eab0a

+ 3 - 0
.gitignore

@@ -9,6 +9,9 @@
 !.config/nixpkgs
 !.config/nixpkgs/**
 !.config/nvim
+!.local
+!.local/bin
+!.local/bin/**
 !.vim
 !.vim/init.vim
 !.vim/autoload

+ 78 - 0
.local/bin/get-aws-login

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# ignore existing credentials
+unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
+
+profile=$1
+duration=${2:-28800}
+mfa_serial_number=$(aws configure get mfa_serial)
+if [ "$profile" != "default" ]; then
+  if ! role_arn=$(aws configure get "profile.$profile.role_arn"); then
+    echo "role_arn not set for profile $profile"
+    echo "run aws configure set profile.$profile.role_arn <role arn>"
+    exit 1
+  fi
+fi
+
+read -srp "Password: " password
+>&2 echo ""
+
+use_cache=0
+cache_gpg="$XDG_RUNTIME_DIR/aws-$profile.gpg"
+if [ -z "${2:-}" ]; then
+  use_cache=1
+fi
+
+function get_credentials {
+  keepassxc-cli show -q "$KEEPASS_FILE" "$KEEPASS_AWS_ENTRY" -a "$1" <<< "$password"
+}
+
+function get_cached {
+  if [ "$use_cache" -eq 0 ]; then
+    return 1
+  fi
+  if [ ! -f "$cache_gpg" ]; then
+    >&2 echo "No cached credentials, requesting new"
+    return 1
+  fi
+  if ! cached=$(gpg --batch -d --passphrase "$password" "$cache_gpg"); then
+    >&2 echo "Error getting cached credentials"
+    exit 1
+  fi
+  expiration=$(date -d "$(jq -r '.Credentials.Expiration' <<< "$cached")" +%s)
+  if [ "$expiration" -lt "$(date +%s)" ]; then
+    >&2 echo "Cached credentials expired, requesting new"
+    return 1
+  fi
+
+  >&2 echo "Using cached credentials, expires $(date -d "@$expiration" +%H:%M)"
+  echo "$cached"
+}
+
+AWS_ACCESS_KEY_ID=$(get_credentials UserName)
+AWS_SECRET_ACCESS_KEY=$(get_credentials Password)
+
+if ! credentials=$(get_cached); then
+  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
+
+  read -rp "MFA: " mfa
+
+  if [ "$profile" = "default" ]; then
+    credentials=$(aws sts get-session-token --serial-number $mfa_serial_number --token-code "$mfa" --duration-seconds "$duration")
+  else
+    credentials=$(aws sts assume-role --serial-number $mfa_serial_number --token-code "$mfa" --role-arn "$role_arn" --role-session-name "$(hostname)" --duration-seconds "$duration")
+  fi
+
+  if [ "$use_cache" -eq 1 ]; then
+    gpg --batch -c --passphrase "$password" <<< "$credentials" > "$cache_gpg"
+  fi
+fi
+
+
+jq -r '.Credentials | @sh "
+export AWS_ACCESS_KEY_ID=\(.AccessKeyId)
+export AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)
+export AWS_SESSION_TOKEN=\(.SessionToken)
+"' <<< "$credentials"
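Review bot: The KeePass master password is handed to gpg as a command-line argument in both `gpg --batch -d --passphrase "$password"` (in get_cached) and `gpg --batch -c --passphrase "$password"` (the cache write), so any local process that can read the process list can see it while gpg runs. Passing it on a separate descriptor keeps it off argv, e.g. `gpg --batch --passphrase-fd 3 -d "$cache_gpg" 3<<< "$password"` and `gpg --batch --passphrase-fd 3 -c 3<<< "$password" <<< "$credentials" > "$cache_gpg"`; newer GnuPG releases may also need `--pinentry-mode loopback`. The two `role_arn not set` / `run aws configure set` messages go to stdout, which appears to be the channel the caller evaluates for the `export` lines, so they should go to stderr with `>&2` like the other diagnostics. `$mfa_serial_number` is also unquoted in both `aws sts` calls and should be `"$mfa_serial_number"`.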

+ 30 - 0
.local/bin/get-op-login

@@ -0,0 +1,30 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p expect -i "expect -f"
+
+log_user 0
+
+set db_path "$::env(KEEPASS_FILE)"
+set db_entry "$::env(KEEPASS_OP_ENTRY)"
+
+stty -echo
+puts -nonewline stderr "Enter Password: "
+expect_user -re "(.*)\n"
+puts stderr ""
+stty echo
+set PASS $expect_out(1,string)
+
+set op_url [exec keepassxc-cli show -q $db_path "$db_entry" -a URL << $PASS]
+set op_username [exec keepassxc-cli show -q $db_path "$db_entry" -a UserName << $PASS]
+set op_password [exec keepassxc-cli show -q $db_path "$db_entry" -a Password << $PASS]
+set op_secretkey [exec keepassxc-cli show -q $db_path "$db_entry" -a "Secret Key" << $PASS]
+
+spawn op signin $op_url $op_username $op_secretkey
+expect "Enter the password for $op_username at $op_url:"
+expect -re $
+send "$op_password\r"
+expect eof
+set session $expect_out(buffer)
+
+log_user 1
+regsub -all {\r} $session {} stripped_session
+puts $stripped_session
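Review bot: `send "$op_password\r"` runs even when the preceding `expect "Enter the password for $op_username at $op_url:"` did not match, because a plain `expect` returns after the default 10-second timeout and the script continues; the password is then written to whatever `op` is showing at that moment. Handle the failure cases explicitly, e.g. `expect { -exact "Enter the password for $op_username at $op_url:" {} timeout { exit 1 } eof { exit 1 } }`, where `-exact` also stops glob characters in the URL or username from being read as a pattern. The same timeout applies to `expect_user -re "(.*)\n"`, so a password typed slowly leaves `expect_out(1,string)` unset; `set timeout -1` before the prompt avoids that. `spawn op signin $op_url $op_username $op_secretkey` puts the secret key on the command line, where it is visible in the process list for the life of the `op` process; if the installed `op` can prompt for the key, answering that prompt from the script would keep it off argv.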

+ 3 - 0
.local/bin/vimwiki

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+exec nvim -c "VimwikiIndex" -c "vnew" -c "VimwikiMakeDiaryNote"

+ 1 - 0
.zsh/config.zsh

@@ -69,3 +69,4 @@ alias l="k -h"
 alias ssh="TERM=xterm-256color ssh"
 
 export EDITOR=vim
+path=(~/.local/bin $path)
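Review bot: Putting `~/.local/bin` at the front of `path` lets any file in that user-writable directory shadow a system command of the same name, including the `aws`, `gpg`, `jq` and `keepassxc-cli` that the new login scripts call by bare name while holding the master password. Appending instead, `path=($path ~/.local/bin)`, keeps the scripts reachable without giving the directory precedence, and `typeset -U path` would stop the entry from being duplicated each time the file is sourced. The hunk shows only the tail of config.zsh, so an earlier `path` assignment may already cover part of this.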