+10

flake/default.nix

reviewed

··· 38 38 (ps: with ps; [shasht])) 39 39 ]; 40 40 }; 41 41 + 42 42 + devShells.meow = pkgs.mkShell { 43 43 + packages = [ 44 44 + (pkgs.haskellPackages.ghcWithPackages (p: 45 45 + with p; [ 46 46 + aeson 47 47 + haskell-language-server 48 48 + ])) 49 49 + ]; 50 50 + }; 41 51 }; 42 52 }

+5

hie.yaml

reviewed

··· 1 1 + cradle: 2 2 + direct: 3 3 + arguments: 4 4 + - "-imeow" 5 5 + - "meow/Main.hs"

+1

meow/.envrc

reviewed

··· 1 1 + use flake .#meow

+25

meow/Main.hs

reviewed

··· 1 1 + {-# LANGUAGE LambdaCase #-} 2 2 + 3 3 + module Main where 4 4 + 5 5 + import System.Environment 6 6 + 7 7 + import Wireguard 8 8 + 9 9 + inEmacs :: IO Bool 10 10 + inEmacs = 11 11 + lookupEnv "INSIDE_EMACS" >>= \case 12 12 + Just "vterm" -> return False 13 13 + Just _ -> return True 14 14 + Nothing -> return False 15 15 + 16 16 + main :: IO () 17 17 + main = do 18 18 + emacs <- inEmacs 19 19 + args <- getArgs 20 20 + 21 21 + putStrLn $ show args 22 22 + 23 23 + showKeys "../sops/wireguard" 24 24 + 25 25 + putStrLn $ "Emacs: " ++ show emacs

+27

meow/Sops.hs

reviewed

··· 1 1 + {-# LANGUAGE DeriveGeneric #-} 2 2 + 3 3 + module Sops (sopsEncrypt, sopsDecrypt) where 4 4 + 5 5 + import Data.Aeson 6 6 + import Data.Text (pack, strip) 7 7 + import GHC.Generics 8 8 + import System.Process (callProcess, readProcess) 9 9 + 10 10 + sopsDecrypt :: FilePath -> IO String 11 11 + sopsDecrypt f = readProcess "sops" ["-d", f] "" 12 12 + 13 13 + data SopsFileStatus = SopsFileStatus 14 14 + { encrypted :: Bool 15 15 + } 16 16 + deriving (Show, Generic) 17 17 + 18 18 + instance FromJSON SopsFileStatus 19 19 + 20 20 + sopsEncrypt :: FilePath -> String -> IO Bool 21 21 + sopsEncrypt f c = do 22 22 + writeFile f c 23 23 + callProcess "sops" ["--encrypt", "--in-place", f] 24 24 + 25 25 + Just (status :: SopsFileStatus) <- decodeStrictText . strip . pack <$> readProcess "sops" ["filestatus", f] "" 26 26 + 27 27 + return . encrypted $ status

+110

meow/Wireguard.hs

reviewed

··· 1 1 + {-# LANGUAGE OverloadedStrings #-} 2 2 + 3 3 + module Wireguard ( 4 4 + Wireguard (public, private), 5 5 + WireguardKeys, 6 6 + newWgKey, 7 7 + readKeys, 8 8 + writeKeys, 9 9 + showKeys, 10 10 + addKey, 11 11 + removeKey, 12 12 + modifyKeys, 13 13 + ) where 14 14 + 15 15 + import Sops 16 16 + 17 17 + import Data.Aeson 18 18 + import qualified Data.ByteString.Lazy as B 19 19 + import qualified Data.Map as M 20 20 + import Data.Text (Text, pack, strip, unpack) 21 21 + import System.FilePath 22 22 + import System.Process (callProcess, readProcess) 23 23 + 24 24 + import qualified Data.Text.Lazy as TL 25 25 + import qualified Data.Text.Lazy.Encoding as TL 26 26 + 27 27 + toString :: B.ByteString -> String 28 28 + toString = TL.unpack . TL.decodeUtf8 29 29 + 30 30 + data Wireguard = Wireguard 31 31 + { public :: String 32 32 + , private :: String 33 33 + } 34 34 + deriving (Show) 35 35 + 36 36 + type WireguardKeys = M.Map Text Wireguard 37 37 + 38 38 + type PublicKeys = M.Map Text String 39 39 + type PrivateKeys = M.Map Text String 40 40 + 41 41 + deserializeWgKeys :: WireguardKeys -> (PublicKeys, PrivateKeys) 42 42 + deserializeWgKeys keys = (M.map public keys, M.map private keys) 43 43 + 44 44 + wg :: [String] -> String -> IO String 45 45 + wg args = readProcess "wg" args 46 46 + 47 47 + wgGenkey :: IO String 48 48 + wgGenkey = wg ["genkey"] "" 49 49 + 50 50 + wgPubkey :: String -> IO String 51 51 + wgPubkey = wg ["pubkey"] 52 52 + 53 53 + wgKeys :: IO Wireguard 54 54 + wgKeys = do 55 55 + privkey <- wgGenkey 56 56 + pubkey <- wgPubkey privkey 57 57 + return 58 58 + Wireguard 59 59 + { public = pubkey 60 60 + , private = privkey 61 61 + } 62 62 + 63 63 + newWgKey :: Text -> IO (Text, Wireguard) 64 64 + newWgKey name = (name,) <$> wgKeys 65 65 + 66 66 + getPublic :: FilePath -> IO (Maybe PublicKeys) 67 67 + getPublic f = return =<< decode <$> B.readFile f 68 68 + 69 69 + getPrivate :: FilePath -> IO (Maybe PrivateKeys) 70 70 + getPrivate f = return =<< decodeStrictText . pack <$> sopsDecrypt f 71 71 + 72 72 + readKeys :: FilePath -> IO (Maybe WireguardKeys) 73 73 + readKeys path = do 74 74 + Just public <- getPublic $ path </> "public-keys.json" 75 75 + Just private <- getPrivate $ path </> "private-keys.json" 76 76 + 77 77 + return . Just $ M.intersectionWith toWg public private 78 78 + where 79 79 + toWg :: String -> String -> Wireguard 80 80 + toWg pub priv = 81 81 + Wireguard 82 82 + { public = pub 83 83 + , private = priv 84 84 + } 85 85 + 86 86 + writeKeys :: FilePath -> WireguardKeys -> IO Bool 87 87 + writeKeys p keys = do 88 88 + (public, private) <- return $ deserializeWgKeys keys 89 89 + 90 90 + B.writeFile (p </> "public-keys.json") $ encode public 91 91 + 92 92 + sopsEncrypt (p </> "private-keys.json") $ toString . encode $ private 93 93 + 94 94 + showKeys :: FilePath -> IO () 95 95 + showKeys p = do 96 96 + Just keys <- readKeys p 97 97 + mapM_ (putStrLn . unpack) $ M.keys keys 98 98 + 99 99 + addKey :: (Text, Wireguard) -> WireguardKeys -> WireguardKeys 100 100 + addKey = flip M.union . uncurry M.singleton 101 101 + 102 102 + removeKey :: Text -> WireguardKeys -> WireguardKeys 103 103 + removeKey drop = M.filterWithKey (\k _ -> drop /= k) 104 104 + 105 105 + modifyKeys :: FilePath -> (WireguardKeys -> WireguardKeys) -> IO (Maybe Bool) 106 106 + modifyKeys p trans = do 107 107 + Just keys <- readKeys p 108 108 + write <- writeKeys p $ trans keys 109 109 + 110 110 + return $ Just write

+25

pkgs/meow.nix

reviewed

··· 1 1 + { 2 2 + lib, 3 3 + haskellPackages, 4 4 + stdenv, 5 5 + }: 6 6 + stdenv.mkDerivation { 7 7 + name = "meow"; 8 8 + version = "0.1"; 9 9 + 10 10 + src = lib.sourceFilesBySuffices ../meow [".hs"]; 11 11 + 12 12 + buildInputs = [ 13 13 + (haskellPackages.ghcWithPackages (p: 14 14 + with p; [ 15 15 + aeson 16 16 + ])) 17 17 + ]; 18 18 + 19 19 + buildPhase = '' 20 20 + mkdir -p $out/bin 21 21 + 22 22 + ghc $src/*.hs -outputdir ./ -hidir ./ -odir ./ -dumpdir ./ -tmpdir ./ \ 23 23 + -o $out/bin/meow 24 24 + ''; 25 25 + }