wsl: integration with the 1password ssh agent

pull/1/head
Tudor Roman 2023-06-04 18:01:06 +02:00
parent 6e93816b4f
commit fe3df485f9
2 changed files with 50 additions and 11 deletions


@ -4,6 +4,7 @@ with lib;
let
cfg = config.homeModules.shell.bash;
direnvCfg = config.homeModules.tools.direnv;
opCfg = config.homeModules.tools.op;
in
{
options.homeModules.shell.bash = {
@ -18,14 +19,18 @@ in
config = mkIf cfg.enable {
programs.bash = {
enable = true;
initExtra = (if cfg.execFish then ''
# start fish if interactive
if [[ $(basename "$(ps --no-header --pid=$PPID --format=cmd)") != "fish" ]]; then
[[ -z "$BASH_EXECUTION_STRING" ]] && exec ${pkgs.fish}/bin/fish
fi
'' else "") + (if direnvCfg.enable then ''
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
'' else "");
initExtra =
opCfg.bashInitExtra +
(if cfg.execFish then ''
# start fish if interactive
if [[ $(basename "$(ps --no-header --pid=$PPID --format=cmd)") != "fish" ]]; then
[[ -z "$BASH_EXECUTION_STRING" ]] && exec ${pkgs.fish}/bin/fish
fi
'' else "") +
(if direnvCfg.enable then ''
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
'' else "")
;
};
};
}
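Review bot: The new `opCfg.bashInitExtra +` term makes the bash module read `config.homeModules.tools.op` unconditionally, so it now evaluates only when the op module is imported. The hidden option exists solely to carry text from one module to the other. home-manager's `programs.bash.initExtra` is a `lines` option that merges definitions, so the op module could set `programs.bash.initExtra = mkBefore ''…'';` itself and keep the ordering ahead of the `exec fish` snippet without this coupling. If the pass-through option is kept, a short comment above `opCfg.bashInitExtra +` should say that it must stay first, because the exported `SSH_AUTH_SOCK` has to be in the environment before bash is replaced by fish.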


@ -6,13 +6,47 @@ with lib; {
options = {
homeModules.tools.op = {
enable = mkEnableOption "Enable 1Password CLI";
bashInitExtra = mkOption {
type = types.str;
description = "Lines to prepend in .bashrc for WSL";
visible = false;
default = "";
};
};
};
config = mkIf cfg.enable {
config = mkIf cfg.enable ({
home.packages = with pkgs; [
_1password
];
home.shellAliases = if configName == "wsl2" then { op = "op.exe"; } else {};
};
} // (if configName == "wsl2" then {
home.shellAliases.op = "op.exe";
# Acknowledgements: https://stuartleeks.com/posts/wsl-ssh-key-forward-to-windows/
# God bless your soul
# Requires npiperelay
homeModules.tools.op.bashInitExtra =
let
ps = pkgs.ps;
grep = pkgs.gnugrep;
util-linux = pkgs.util-linux;
socat = pkgs.socat;
in ''
# Configure ssh forwarding
export SSH_AUTH_SOCK=$HOME/.ssh/agent.sock
# need `ps -ww` to get non-truncated command for matching
# use square brackets to generate a regex match for the process we want but that doesn't match the grep command running it!
ALREADY_RUNNING=$(${ps}/bin/ps -auxww | ${grep}/bin/grep -q "[n]piperelay.exe -ei -s //./pipe/openssh-ssh-agent"; echo $?)
if [[ $ALREADY_RUNNING != "0" ]]; then
if [[ -S $SSH_AUTH_SOCK ]]; then
# not expecting the socket to exist as the forwarding command isn't running (http://www.tldp.org/LDP/abs/html/fto.html)
echo "removing previous socket..."
rm $SSH_AUTH_SOCK
fi
echo "Starting SSH-Agent relay..."
# setsid to force new session to keep running
# set socat to listen on $SSH_AUTH_SOCK and forward to npiperelay which then forwards to openssh-ssh-agent on windows
(${util-linux}/bin/setsid ${socat}/bin/socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
fi
'';
} else {}));
}
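Review bot: In the `socat … EXEC:"npiperelay.exe …"` line the relay is looked up through `$PATH`, while ps, grep, setsid and socat are pinned to store paths, so whichever `npiperelay.exe` comes first on the path (including the Windows entries WSL appends) ends up brokering the SSH agent pipe. An option holding the absolute path to the relay would make that explicit. Because the subshell's output goes to `/dev/null`, a missing relay also leaves `SSH_AUTH_SOCK` pointing at a socket nobody serves; wrapping the start-up branch in `if command -v npiperelay.exe >/dev/null 2>&1; then … fi` would surface that. The socket path is expanded unquoted in `rm $SSH_AUTH_SOCK`, which should be `rm -- "$SSH_AUTH_SOCK"`. If `~/.ssh` is not guaranteed to be mode 0700, adding socat's `umask=077` to the `UNIX-LISTEN` address keeps other local users from connecting to the agent socket.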