add agent-browser + BW browser auth sync for netty (#35)

- Add chromium to netty system packages
- Add home/agent-browser.nix: configures agent-browser to use nix
  chromium headless, installs via npm on first activation (Linux only)
- Add scripts/sync-bw-browser-auth.sh: imports all BW login items
  into agent-browser encrypted auth vault via --password-stdin
- Add just sync-browser-auth target
Hari 2026-04-01 23:45:23 -04:00 committed by GitHub
parent c3fb0fc358
commit e634a3e233
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 120 additions and 0 deletions

28
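--- a/home/agent-browser.nix
+++ b/home/agent-browser.nix
@@ -0,0 +1,28 @@
+{
+config,
+lib,
+pkgs,
+hostConfig,
+...
+}:
+lib.mkIf (!hostConfig.isDarwin) {
+# agent-browser user-level config: point at nix chromium, run headless
+home.file.".agent-browser/config.json".text = builtins.toJSON {
+executablePath = "${pkgs.chromium}/bin/chromium";
+args = "--no-sandbox,--disable-gpu,--disable-dev-shm-usage";
+};
+# Install agent-browser globally via npm at activation time
+home.activation.installAgentBrowser = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+export PATH="${
+lib.makeBinPath [
+pkgs.nodejs_22
+pkgs.coreutils
+]
+}:$PATH"
+if ! command -v agent-browser >/dev/null 2>&1; then
+npm install -g agent-browser 2>/dev/null || true
+fi
+'';
+}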
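Review bot: The activation script runs `npm install -g agent-browser` with no version and with `2>/dev/null || true`, so whatever the registry serves at activation time is installed, its lifecycle scripts run as the user, and a failed install looks the same as a successful one. Since this tool is then handed the imported Bitwarden logins, it would be safer to pin it, e.g. `npm install -g agent-browser@<PINNED_VERSION>` without the error suppression, or to package it with `buildNpmPackage` so Nix checks the hash. The `--no-sandbox` entry in `args` also removes Chromium's renderer isolation for a browser that will hold those credentials. A comment stating why the flag is required on this host, or dropping it if the browser runs as an unprivileged user, would help.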


@ -3,6 +3,7 @@
_module.args.theme = import ../lib/theme.nix { inherit config; };
imports = [
./agent-browser.nix
./bat.nix
./eza.nix
./claude.nix


@ -108,6 +108,7 @@ in
virtualisation.docker.enable = true;
environment.systemPackages = packageSets.extras ++ [
pkgs.chromium
pkgs.php
];


@ -28,5 +28,8 @@ secrets-sync:
./scripts/render-bw-shell-secrets.sh
./scripts/restore-bw-files.sh
sync-browser-auth:
./scripts/sync-bw-browser-auth.sh
switch-netty:
ssh root@netty "nixos-rebuild switch --flake github:harivansh-afk/nix#netty --refresh"

87
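--- a/scripts/sync-bw-browser-auth.sh
+++ b/scripts/sync-bw-browser-auth.sh
@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+set -euo pipefail
+export NODE_NO_WARNINGS=1
+if ! command -v bw >/dev/null 2>&1; then
+echo "bw is not installed" >&2
+exit 1
+fi
+if ! command -v jq >/dev/null 2>&1; then
+echo "jq is not installed" >&2
+exit 1
+fi
+if ! command -v agent-browser >/dev/null 2>&1; then
+echo "agent-browser is not installed" >&2
+exit 1
+fi
+if [[ "${BW_SESSION:-}" == "" ]]; then
+echo 'BW_SESSION is not set. Run: export BW_SESSION="$(bw unlock --raw)"' >&2
+exit 1
+fi
+bw sync --session "${BW_SESSION}" >/dev/null 2>&1 || true
+items_json="$(bw list items --session "${BW_SESSION}")"
+# type 1 = login items; filter to those with a username, password, and at least one URI
+login_items="$(printf '%s' "${items_json}" | jq -c '
+[.[] | select(
+.type == 1 and
+.login.username != null and
+.login.username != "" and
+.login.password != null and
+.login.password != "" and
+(.login.uris // []) | length > 0
+)]
+')"
+count="$(printf '%s' "${login_items}" | jq 'length')"
+printf 'Found %d login items with credentials and URIs\n' "${count}"
+imported=0
+skipped=0
+failed=0
+printf '%s' "${login_items}" | jq -c '.[]' | while IFS= read -r item; do
+name="$(printf '%s' "${item}" | jq -r '.name')"
+username="$(printf '%s' "${item}" | jq -r '.login.username')"
+password="$(printf '%s' "${item}" | jq -r '.login.password')"
+uri="$(printf '%s' "${item}" | jq -r '.login.uris[0].uri')"
+# Sanitize name for use as agent-browser profile name:
+# keep only alphanumeric, hyphens, underscores; collapse runs; truncate
+safe_name="$(printf '%s' "${name}" | tr -cs 'A-Za-z0-9_-' '-' | sed 's/^-//;s/-$//' | head -c 64)"
+if [[ -z "${safe_name}" ]]; then
+printf 'SKIP (empty name after sanitize): %s\n' "${name}"
+skipped=$((skipped + 1))
+continue
+fi
+# Skip items whose URI is not an http(s) URL
+case "${uri}" in
+http://*|https://*)
+;;
+*)
+printf 'SKIP (non-http URI): %s -> %s\n' "${name}" "${uri}"
+skipped=$((skipped + 1))
+continue
+;;
+esac
+if printf '%s' "${password}" | agent-browser auth save "${safe_name}" \
+--url "${uri}" \
+--username "${username}" \
+--password-stdin >/dev/null 2>&1; then
+printf 'OK: %s (%s)\n' "${safe_name}" "${uri}"
+imported=$((imported + 1))
+else
+printf 'FAIL: %s (%s)\n' "${safe_name}" "${uri}" >&2
+failed=$((failed + 1))
+fi
+done
+printf '\nDone. imported=%d skipped=%d failed=%d\n' "${imported}" "${skipped}" "${failed}"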
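Review bot: The `imported`/`skipped`/`failed` counters are incremented inside a `while` loop that is the last stage of a pipeline, so bash runs the loop in a subshell; the final `Done.` line will always print zeros and the script exits 0 even when every save failed. Feeding the loop by process substitution keeps the counters in the parent shell: `while IFS= read -r item; do` … `done < <(printf '%s' "${login_items}" | jq -c '.[]')`, after which a closing `(( failed == 0 ))` can set the exit status. In the jq filter, `|` binds looser than `and`, so as written `length` appears to be applied to the boolean result of the whole chain rather than to the URI array; the last clause likely needs its own parentheses, `((.login.uris // []) | length > 0)`. Separately, the script copies every login in the vault into the agent's store and passes the session key on the command line, where other local processes can read it. Limiting the list with `--folderid` and relying on the exported `BW_SESSION` instead of `--session` would narrow both exposures.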