From 07afb3982b41c9694412784a1c17eab8b18aae31 Mon Sep 17 00:00:00 2001
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com>
Date: Mon, 5 Jun 2023 04:34:11 +0000
Subject: [PATCH] Latest
---
 .../run_before_02-decrypt-age-key.sh.tmpl | 90 ++++++++++++++-----
 home/dot_config/Code/User/README.md | 4 +-
 home/dot_config/Code/User/extensions.json | 3 -
 home/dot_config/shell/private_private.sh.tmpl | 15 ++++
 4 files changed, 86 insertions(+), 26 deletions(-)
diff --git a/home/.chezmoiscripts/universal/run_before_02-decrypt-age-key.sh.tmpl b/home/.chezmoiscripts/universal/run_before_02-decrypt-age-key.sh.tmpl
index 7039b5ac..ec6c2e77 100644
--- a/home/.chezmoiscripts/universal/run_before_02-decrypt-age-key.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_before_02-decrypt-age-key.sh.tmpl
@@ -15,6 +15,10 @@
 # If you want to automate a headless install that requires access to `encrypted_` files and encrypted variables, then
 # you can save the decrypted Age key to `~/.config/age/chezmoi.txt` prior to running `bash <(curl -sSL https://install.doctor/start)`.
 #
+# Alternatively, you can pass in your Age decryption passphrase in using the `AGE_PASSWORD` environment variable.
+# Install Doctor will use this variable along with expect to headlessly automate the password prompt during the
+# decryption process.
+#
 #
 # ## GPG
 #
 # It is also possible to configure Chezmoi to utilize GPG instead of Age. This might be beneficial if you want to
@@ -28,35 +32,77 @@
 {{ includeTemplate "universal/logg-before" }}
 {{ includeTemplate "universal/profile-before" }}
-### Only run decryption process if HEADLESS_INSTALL variable is not set
-if [ -z "$HEADLESS_INSTALL" ]; then
- ### Install Age via Homebrew if not present
- if ! command -v age > /dev/null; then
- if command -v brew > /dev/null; then
- logg info 'Running `brew install age`'
- brew install age
- else
- logg warn '`age` is not installed which is utilized in the decryption process'
- fi
- fi
+### Handle decryption failure
+decryptionFailure() {
+ logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`'
+ logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG'
+ logg info 'Removing all files that begin with encrypted_ because decryption failed'
+ find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do
+ logg info "Removing $ENCRYPTED_FILE"
+ rm -f "$ENCRYPTED_FILE"
+ done
+}
- ### Decrypt private key if it is not already present
+### Install Age via Homebrew if not present
+installAge() {
+ if command -v brew > /dev/null; then
+ logg info 'Running `brew install age`'
+ brew install age
+ else
+ logg warn '`age` is not installed which is utilized in the decryption process'
+ fi
+}
+
+### Install Expect via Homebrew if not present
+installExpect() {
+ if command -v brew > /dev/null; then
+ logg info 'Running `brew install expect`'
+ brew install expect
+ else
+ logg warn '`expect` is not installed which is utilized in the decryption process'
+ fi
+}
+
+### Decrypt private key if it is not already present
+decryptKey() {
 if command -v age > /dev/null; then
 if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then
 mkdir -p "${XDG_CONFIG_HOME}/age"
- logg star '`PRESS ENTER` if you have not set up your encryption token yet'
- age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
- if [ -n "$EXIT_CODE" ]; then
- logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`'
- logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG'
- logg info 'Removing all files that begin with encrypted_ because decryption failed'
- find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do
- logg info "Removing $ENCRYPTED_FILE"
- rm -f "$ENCRYPTED_FILE"
- done
+ if [ -z "$AGE_PASSWORD" ]; then
+ logg star '`PRESS ENTER` if you have not set up your encryption token yet'
+ age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
+ if [ -n "$EXIT_CODE" ]; then
+ decryptionFailure
+ else
+ logg success 'The encryption key was successfully decrypted'
+ fi
+ else
+ installExpect
+ expect -c "set timeout -1
+ spawn age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "/usr/local/src/install.doctor/home/key.txt.age"
+ expect \"Enter passphrase:\"
+ send \"${AGE_PASSWORD}\r\"
+ expect eof" > /dev/null || EXIT_CODE=$?
+ if [ -n "$EXIT_CODE" ]; then
+ logg info 'There was an issue decrypting the `key.txt.age` file with the provided `AGE_PASSWORD`'
+ decryptionFailure
+ else
+ logg info 'The encryption key was successfully decrypted using expect and the provided `AGE_PASSWORD`'
+ fi
 fi
 fi
 fi
+}
+
+### Only run decryption process if HEADLESS_INSTALL variable is not set
+if [ -z "$HEADLESS_INSTALL" ]; then
+ installAge
+ decryptKey
+elif [ -n "$HEADLESS_INSTALL" ] && [ -n "$AGE_PASSWORD" ]; then
+ installAge
+ decryptKey
+else
+ logg info 'Skipping Age key decryption process'
 fi
 ### Ensure proper permissions on private key
diff --git a/home/dot_config/Code/User/README.md b/home/dot_config/Code/User/README.md
index 27bcc676..84301420 100644
--- a/home/dot_config/Code/User/README.md
+++ b/home/dot_config/Code/User/README.md
@@ -14,4 +14,6 @@
 // "sonarsource.sonarlint-vscode", Creates a ~/.sonarlint folder. Does not respect XDG spec.
 // "sprkldev.sprkl-vscode", Creates a ~/.sprkl folder. Does not respect XDG spec.
 // Creates ~/.console-ninja folder -- needs to respect XDG
- // "wallabyjs.console-ninja",
\ No newline at end of file
+ // "wallabyjs.console-ninja",
+ "gitpod.gitpod-remote-ssh", // Bunch of errors like this during install [gitpod-remote-ssh]: Couldn't find message for key openPreview.
+ // "leonardssh.vscord", Discord presence plugin (requires embedding key in settings.json)
\ No newline at end of file
diff --git a/home/dot_config/Code/User/extensions.json b/home/dot_config/Code/User/extensions.json
index 2540604c..eacf712a 100644
--- a/home/dot_config/Code/User/extensions.json
+++ b/home/dot_config/Code/User/extensions.json
@@ -78,7 +78,6 @@
 "github.vscode-pull-request-github",
 "gitlab.gitlab-workflow",
 "gitpod.gitpod-desktop",
- "gitpod.gitpod-remote-ssh",
 "golang.go",
 "google-home.google-home-extension",
 "googlecloudtools.cloudcode",
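Review bot: `send \"${AGE_PASSWORD}\r\"` in decryptKey's expect branch expands the passphrase into the script string handed to `expect -c`, so the secret becomes a command-line argument that every local user can read via `ps`/`/proc/*/cmdline` and that any `set -x` trace of the install records; have expect read it from its own environment instead, with the script single-quoted so the shell never interpolates it, `send -- "$env(AGE_PASSWORD)\r"` (AGE_PASSWORD must then be exported, which the `[ -n "$AGE_PASSWORD" ]` checks do not verify). The `|| EXIT_CODE=$?` after `expect eof` also captures expect's own status, which is 0 after a clean eof regardless of how age exited, so a wrong passphrase never reaches `decryptionFailure` and the success message is logged with no `chezmoi.txt` written; ending the script with `lassign [wait] pid spawnid os_error value` and `exit $value` propagates age's status. Passing both paths through the environment the same way removes the unescaped inner `"` around `${XDG_CONFIG_HOME}` that currently terminate the shell string, and the hard-coded `/usr/local/src/install.doctor/home/key.txt.age` that diverges from the `{{ .chezmoi.sourceDir }}/key.txt.age` used by the interactive branch a few lines earlier. With `set timeout -1`, a prompt string other than `Enter passphrase:` would hang a headless install indefinitely, so a bounded timeout seems safer if the decrypt is expected to finish quickly. Separately, the `find | while read ENCRYPTED_FILE` loop in decryptionFailure should be `while IFS= read -r ENCRYPTED_FILE` so paths containing backslashes or leading whitespace are removed as intended.
```shell
        installExpect
        # expect takes the passphrase and both paths from its environment: nothing secret
        # reaches argv, and age's own exit status (not expect's) is what EXIT_CODE sees
        AGE_KEY_OUT="${XDG_CONFIG_HOME}/age/chezmoi.txt" AGE_KEY_IN="{{ .chezmoi.sourceDir }}/key.txt.age" \
          expect -c 'set timeout 120
            spawn age --decrypt --output $env(AGE_KEY_OUT) $env(AGE_KEY_IN)
            expect "Enter passphrase:"
            send -- "$env(AGE_PASSWORD)\r"
            expect eof
            lassign [wait] pid spawnid os_error value
            exit $value' > /dev/null || EXIT_CODE=$?
        # … unchanged: EXIT_CODE handling and logging …
```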
@@ -115,9 +114,7 @@
 "kruemelkatze.vscode-dashboard",
 "l13rary.l13-diff",
 "lennartlence.chadcommit",
- "leonardssh.vscord",
 "llvm-vs-code-extensions.vscode-clangd",
- "logerfo.gitlab-notifications",
 "lottiefiles.vscode-lottie",
 "loyieking.smalise",
 "mads-hartmann.bash-ide-vscode",
diff --git a/home/dot_config/shell/private_private.sh.tmpl b/home/dot_config/shell/private_private.sh.tmpl
index 7229c9f8..bd5cc76d 100644
--- a/home/dot_config/shell/private_private.sh.tmpl
+++ b/home/dot_config/shell/private_private.sh.tmpl
@@ -35,6 +35,21 @@ export GITLAB_TOKEN="$GL_TOKEN"
 ### Heroku
 export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}"
+### Install Doctor
+export HEADLESS_INSTALL=true
+export SOFTWARE_GROUP="Full"
+export FULL_NAME="Brian Zalewski"
+export PRIMARY_EMAIL="help@megabyte.space"
+export PUBLIC_SERVICES_DOMAIN="megabyte.space"
+export RESTRICTED_ENVIRONMENT=false
+export WORK_ENVIRONMENT=false
+export HOST="$HOST"
+
+# Set to work environment if Cisco applications are installed (modify this to your liking)
+if [ -d /Applications/Cisco ]; then
+ export WORK_ENVIRONMENT=true
+fi
+
 ### Megabyte Labs
 export FULLY_AUTOMATED_TASKS=true
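Review bot: `export HEADLESS_INSTALL=true` is unconditional in a profile file, so every shell that sources it, interactive ones included, hands that flag to any later run of the provisioning scripts; in this same commit `run_before_02-decrypt-age-key.sh.tmpl` then bypasses the interactive `age --decrypt` prompt and, when `AGE_PASSWORD` is not set, only logs 'Skipping Age key decryption process'. If that is the intended steady state once the key is already in place, a comment saying so would keep the next reader from "fixing" it, e.g. `# HEADLESS_INSTALL=true makes later Install Doctor runs non-interactive; unset it to be prompted again`. `export HOST="$HOST"` only re-exports whatever the shell already holds and yields an empty exported value in shells that do not set HOST (bash sets HOSTNAME instead), so `export HOST="${HOST:-$HOSTNAME}"` would be the more robust form if downstream scripts rely on it.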