Latest
parent
d56a2659a9
commit
07afb3982b
4 changed files with 86 additions and 26 deletions
|
@ -15,6 +15,10 @@
|
|||
# If you want to automate a headless install that requires access to `encrypted_` files and encrypted variables, then
|
||||
# you can save the decrypted Age key to `~/.config/age/chezmoi.txt` prior to running `bash <(curl -sSL https://install.doctor/start)`.
|
||||
#
|
||||
# Alternatively, you can pass in your Age decryption passphrase in using the `AGE_PASSWORD` environment variable.
|
||||
# Install Doctor will use this variable along with expect to headlessly automate the password prompt during the
|
||||
# decryption process.
|
||||
#
|
||||
# ## GPG
|
||||
#
|
||||
# It is also possible to configure Chezmoi to utilize GPG instead of Age. This might be beneficial if you want to
|
||||
|
@ -28,35 +32,77 @@
|
|||
{{ includeTemplate "universal/logg-before" }}
|
||||
{{ includeTemplate "universal/profile-before" }}
|
||||
|
||||
### Only run decryption process if HEADLESS_INSTALL variable is not set
|
||||
if [ -z "$HEADLESS_INSTALL" ]; then
|
||||
### Install Age via Homebrew if not present
|
||||
if ! command -v age > /dev/null; then
|
||||
if command -v brew > /dev/null; then
|
||||
logg info 'Running `brew install age`'
|
||||
brew install age
|
||||
else
|
||||
logg warn '`age` is not installed which is utilized in the decryption process'
|
||||
fi
|
||||
fi
|
||||
### Handle decryption failure
|
||||
decryptionFailure() {
|
||||
logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`'
|
||||
logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG'
|
||||
logg info 'Removing all files that begin with encrypted_ because decryption failed'
|
||||
find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do
|
||||
logg info "Removing $ENCRYPTED_FILE"
|
||||
rm -f "$ENCRYPTED_FILE"
|
||||
done
|
||||
}
|
||||
|
||||
### Decrypt private key if it is not already present
|
||||
### Install Age via Homebrew if not present
|
||||
installAge() {
|
||||
if command -v brew > /dev/null; then
|
||||
logg info 'Running `brew install age`'
|
||||
brew install age
|
||||
else
|
||||
logg warn '`age` is not installed which is utilized in the decryption process'
|
||||
fi
|
||||
}
|
||||
|
||||
### Install Expect via Homebrew if not present
|
||||
installExpect() {
|
||||
if command -v brew > /dev/null; then
|
||||
logg info 'Running `brew install expect`'
|
||||
brew install expect
|
||||
else
|
||||
logg warn '`expect` is not installed which is utilized in the decryption process'
|
||||
fi
|
||||
}
|
||||
|
||||
### Decrypt private key if it is not already present
|
||||
decryptKey() {
|
||||
if command -v age > /dev/null; then
|
||||
if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then
|
||||
mkdir -p "${XDG_CONFIG_HOME}/age"
|
||||
logg star '`PRESS ENTER` if you have not set up your encryption token yet'
|
||||
age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
|
||||
if [ -n "$EXIT_CODE" ]; then
|
||||
logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`'
|
||||
logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG'
|
||||
logg info 'Removing all files that begin with encrypted_ because decryption failed'
|
||||
find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do
|
||||
logg info "Removing $ENCRYPTED_FILE"
|
||||
rm -f "$ENCRYPTED_FILE"
|
||||
done
|
||||
if [ -z "$AGE_PASSWORD" ]; then
|
||||
logg star '`PRESS ENTER` if you have not set up your encryption token yet'
|
||||
age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
|
||||
if [ -n "$EXIT_CODE" ]; then
|
||||
decryptionFailure
|
||||
else
|
||||
logg success 'The encryption key was successfully decrypted'
|
||||
fi
|
||||
else
|
||||
installExpect
|
||||
expect -c "set timeout -1
|
||||
spawn age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "/usr/local/src/install.doctor/home/key.txt.age"
|
||||
expect \"Enter passphrase:\"
|
||||
send \"${AGE_PASSWORD}\r\"
|
||||
expect eof" > /dev/null || EXIT_CODE=$?
|
||||
if [ -n "$EXIT_CODE" ]; then
|
||||
logg info 'There was an issue decrypting the `key.txt.age` file with the provided `AGE_PASSWORD`'
|
||||
decryptionFailure
|
||||
else
|
||||
logg info 'The encryption key was successfully decrypted using expect and the provided `AGE_PASSWORD`'
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
### Only run decryption process if HEADLESS_INSTALL variable is not set
|
||||
if [ -z "$HEADLESS_INSTALL" ]; then
|
||||
installAge
|
||||
decryptKey
|
||||
elif [ -n "$HEADLESS_INSTALL" ] && [ -n "$AGE_PASSWORD" ]; then
|
||||
installAge
|
||||
decryptKey
|
||||
else
|
||||
logg info 'Skipping Age key decryption process'
|
||||
fi
|
||||
|
||||
### Ensure proper permissions on private key
|
||||
|
|
|
@ -14,4 +14,6 @@
|
|||
// "sonarsource.sonarlint-vscode", Creates a ~/.sonarlint folder. Does not respect XDG spec.
|
||||
// "sprkldev.sprkl-vscode", Creates a ~/.sprkl folder. Does not respect XDG spec.
|
||||
// Creates ~/.console-ninja folder -- needs to respect XDG
|
||||
// "wallabyjs.console-ninja",
|
||||
// "wallabyjs.console-ninja",
|
||||
"gitpod.gitpod-remote-ssh", // Bunch of errors like this during install [gitpod-remote-ssh]: Couldn't find message for key openPreview.
|
||||
// "leonardssh.vscord", Discord presence plugin (requires embedding key in settings.json)
|
|
@ -78,7 +78,6 @@
|
|||
"github.vscode-pull-request-github",
|
||||
"gitlab.gitlab-workflow",
|
||||
"gitpod.gitpod-desktop",
|
||||
"gitpod.gitpod-remote-ssh",
|
||||
"golang.go",
|
||||
"google-home.google-home-extension",
|
||||
"googlecloudtools.cloudcode",
|
||||
|
@ -115,9 +114,7 @@
|
|||
"kruemelkatze.vscode-dashboard",
|
||||
"l13rary.l13-diff",
|
||||
"lennartlence.chadcommit",
|
||||
"leonardssh.vscord",
|
||||
"llvm-vs-code-extensions.vscode-clangd",
|
||||
"logerfo.gitlab-notifications",
|
||||
"lottiefiles.vscode-lottie",
|
||||
"loyieking.smalise",
|
||||
"mads-hartmann.bash-ide-vscode",
|
||||
|
|
|
@ -35,6 +35,21 @@ export GITLAB_TOKEN="$GL_TOKEN"
|
|||
### Heroku
|
||||
export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}"
|
||||
|
||||
### Install Doctor
|
||||
export HEADLESS_INSTALL=true
|
||||
export SOFTWARE_GROUP="Full"
|
||||
export FULL_NAME="Brian Zalewski"
|
||||
export PRIMARY_EMAIL="help@megabyte.space"
|
||||
export PUBLIC_SERVICES_DOMAIN="megabyte.space"
|
||||
export RESTRICTED_ENVIRONMENT=false
|
||||
export WORK_ENVIRONMENT=false
|
||||
export HOST="$HOST"
|
||||
|
||||
# Set to work environment if Cisco applications are installed (modify this to your liking)
|
||||
if [ -d /Applications/Cisco ]; then
|
||||
export WORK_ENVIRONMENT=true
|
||||
fi
|
||||
|
||||
### Megabyte Labs
|
||||
export FULLY_AUTOMATED_TASKS=true
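Review bot: `export HEADLESS_INSTALL=true` is set unconditionally here, while the decryption script changed in this commit tests it with `[ -z "$HEADLESS_INSTALL" ]`, so any non-empty value, including `false`, counts as headless. If this file is sourced before that script runs (not visible in the hunk), the interactive Age prompt is never reached. Decryption then happens only when `AGE_PASSWORD` is present in the environment, which is the more exposed way to supply the passphrase. Consider `export HEADLESS_INSTALL="${HEADLESS_INSTALL-true}"` so a caller can clear it, plus a comment such as `# Non-empty means headless; the Age decrypt script skips the prompt unless AGE_PASSWORD is set`. The neighbouring `RESTRICTED_ENVIRONMENT=false` style suggests readers will otherwise assume `false` disables it.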
|
||||
|
||||
|
|