add kpcli-py, with support for kdbx files and intuitive cli

flake.lock

@@ -102,6 +102,22 @@
         "type": "github"
       }
     },
+    "kpcli-py": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1619087457,
+        "narHash": "sha256-iRNLq5s2WJJHwB4beP5xQDKrBPWS/42s/ozLoSa5gAE=",
+        "owner": "rebkwok",
+        "repo": "kpcli",
+        "rev": "e4d699e3b3d28887f74185f8fa69d0aade111d84",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rebkwok",
+        "repo": "kpcli",
+        "type": "github"
+      }
+    },
     "nixgl": {
       "inputs": {
         "flake-utils": "flake-utils_2",
@@ -173,6 +189,7 @@
         "flake-compat": "flake-compat",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
+        "kpcli-py": "kpcli-py",
         "nixgl": "nixgl",
         "nixpkgs": "nixpkgs_2",
         "rust-overlay": "rust-overlay"

flake.nix

@@ -18,6 +18,10 @@
       url = "github:edolstra/flake-compat";
       flake = false;
     };
+    kpcli-py = {
+      url = "github:rebkwok/kpcli";
+      flake = false;
+    };
   };
 
   outputs = {
@@ -29,6 +33,7 @@
     system = "x86_64-linux";
     pkgs = import nixpkgs {
       inherit system;
+      overlays = import ./overlays.nix _inputs;
       config = {
         allowUnfree = true;
       };
@@ -89,7 +94,7 @@
     unit_tests = lib.runTests unit_tests;
     secrets = import ./secrets final_inputs;
     debug = {
-      inherit final_inputs hosts users modules lib inputs_w_pkgs unit_tests;
+      inherit final_inputs hosts users modules lib inputs_w_pkgs unit_tests pkgs;
     };
   };
 }

hosts/default.nix

@@ -50,7 +50,7 @@ in {
 };
 mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
 mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
-trimNull = lib.filterAttrs (name: value: value != null);
+trimNull = lib.filterAttrsRecursive (name: value: value != null);
 flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
 in {
   inherit config;

native_configs/neovim/init.lua

@@ -150,7 +150,7 @@ vim.g.maplocalleader = ','
 -- basic keymaps
 -- Since we use space for leader, we're asserting that this does nothing by itself
 vim.keymap.set({ 'n', 'v' }, '<Space>', '<Nop>', { silent = true })
--- make :terminal escape out. For zsh-vi-mode, just use Alt-M or any keybind
+-- make :terminal escape out. For zsh-vi-mode, just use Alt-Z or any keybind
 -- that does not collide with vi-motion keybind. This is because
 -- <Alt-x> -> ^[x; while <Esc> on the terminal is ^[
 vim.keymap.set('t', '<Esc>', '<C-\\><C-n>)')

nix-conf/home-manager/base/keepass.nix

@@ -1,6 +1,7 @@
 { config, proj_root, pkgs, lib, ... }:
 let
   cfg = config.base.keepass;
+  trimNull = lib.filterAttrsRecursive (name: value: value != null);
 in
 {
   imports = [ ./graphics.nix ];
@@ -12,13 +13,52 @@ in
       default = false;
       example = "true";
     };
+    path = lib.mkOption {
+      type = lib.types.path;
+      description = "Path to kdbx file";
+      default = null;
+      example = "/media/homelab/f/PersistentHotStorage/keepass.kdbx";
+    };
+    keyfile_path = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      description = ''
+      Path to key file for the database
+      If null, then the field is unset
+      '';
+      default = null;
+      example = "/path/to/mykeyfile.key";
+    };
+    store_encrypted_password = lib.mkOption {
+      type = lib.types.bool;
+      description = "Whether to store encrypted password for 24 hrs before re-prompt";
+      default = true;
+      example = "false";
+    };
+    copy_timeout_secs = lib.mkOption {
+      type = lib.types.int;
+      description = "Timeout (seconds) before the password is expired from clipboard";
+      default = 12;
+      example = "60";
+    };
   };
   config = lib.mkIf cfg.enable {
     home.packages = [
-      pkgs.kpcli # kp but is in cli
+      pkgs.kpcli-py # kp but is in cli
     ] ++ (if cfg.use_gui or config.base.graphics._enable then [
       pkgs.keepass # Personal secret management
     ] else [ ]);
+    home.file.".kp/config.ini".text = lib.generators.toINI {} (trimNull {
+      default = {
+        KEEPASSDB = cfg.path;
+        KEEPASSDB_KEYFILE = cfg.keyfile_path;
+        STORE_ENCRYPTED_PASSWORD = cfg.store_encrypted_password;
+        KEEPASSDB_PASSWORD = null; # No good way yet to store the password
+        KEEPASSDB_TIMEOUT = cfg.copy_timeout_secs;
+      };
+    });
     # xdg.dataFile."keepass.kdbx".path = 
+    # base.shells.shellAliases = {
+      # kp = "kpcli --kdb=${cfg.path}";
+    # };
   };
 }

nix-conf/home-manager/flake.lock

@@ -82,6 +82,22 @@
         "type": "github"
       }
     },
+    "kpcli-py": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1619087457,
+        "narHash": "sha256-iRNLq5s2WJJHwB4beP5xQDKrBPWS/42s/ozLoSa5gAE=",
+        "owner": "rebkwok",
+        "repo": "kpcli",
+        "rev": "e4d699e3b3d28887f74185f8fa69d0aade111d84",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rebkwok",
+        "repo": "kpcli",
+        "type": "github"
+      }
+    },
     "nixgl": {
       "inputs": {
         "flake-utils": "flake-utils_2",
@@ -90,11 +106,11 @@
       "locked": {
         "lastModified": 1,
         "narHash": "sha256-KP+2qdZlhmRkrafuuEofg7YnNdVmGV95ipvpuqmJneI=",
-        "path": "/nix/store/qprlnx490gv6nylwhgq1a4i28pa9rjii-source/out-of-tree/nixGL",
+        "path": "/nix/store/qcm4676fqkcdrizjkn4j0796ybddwlxm-source/out-of-tree/nixGL",
         "type": "path"
       },
       "original": {
-        "path": "/nix/store/qprlnx490gv6nylwhgq1a4i28pa9rjii-source/out-of-tree/nixGL",
+        "path": "/nix/store/qcm4676fqkcdrizjkn4j0796ybddwlxm-source/out-of-tree/nixGL",
         "type": "path"
       }
     },
@@ -150,6 +166,7 @@
         "flake-compat": "flake-compat",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
+        "kpcli-py": "kpcli-py",
         "nixgl": "nixgl",
         "nixpkgs": "nixpkgs_2",
         "rust-overlay": "rust-overlay"

nix-conf/home-manager/flake.nix

@@ -14,19 +14,24 @@
       url = "github:edolstra/flake-compat";
       flake = false;
     };
+    kpcli-py = {
+      url = "github:rebkwok/kpcli";
+      flake = false;
+    };
   };
 
   outputs =
-    { nixpkgs
+    flake_inputs@{ nixpkgs
     , home-manager
     , nixgl
     , rust-overlay
     , flake-utils
+    , kpcli-py
     , ...
     }:
     let
       system = "x86_64-linux";
-      overlays = [ nixgl.overlay rust-overlay.overlays.default ];
+      overlays = import ./../../overlays.nix flake_inputs;
       # pkgs = nixpkgs.legacyPackages.${system}.appendOverlays overlays;
       pkgs = import nixpkgs {
         inherit system overlays;
@@ -140,8 +145,10 @@
               {
                 base.graphics.enable = true;
                 base.alacritty.font.family = "BitstreamVeraSansMono Nerd Font";
+                base.keepass.path = "/media/homelab/f/PersistentHotStorage/keepass.kdbx";
               }
             ];
+            
             extraSpecialArgs = mkModuleArgs {
               inherit pkgs;
               myHome = {

nix-conf/home-manager/home.nix

@@ -64,4 +64,5 @@ in
     enableBashIntegration = true;
     enableZshIntegration = true;
   };
+  base.keepass.enable = true;
 }

overlays.nix

@@ -0,0 +1,20 @@
+flake_input@{ kpcli-py, nixgl, rust-overlay, ... }: [
+  nixgl.overlays.default
+  rust-overlay.overlays.default
+  (final: prev: {
+    # use python3.9, which works because of cython somehow?
+    kpcli-py = final.poetry2nix.mkPoetryApplication {
+      projectDir = kpcli-py;
+      python = final.python39;
+      overrides = final.poetry2nix.defaultPoetryOverrides.extend (self: super: {
+        # tableformatter requires setuptools
+        tableformatter = super.tableformatter.overridePythonAttrs (
+          old: {
+            buildInputs = (old.buildInputs or [ ]) ++ [ super.setuptools super.cython_3 ];
+          }
+        );
+      });
+    };
+  })
+]
+