This commit is contained in:
Brian Zalewski 2023-06-05 04:34:11 +00:00
parent d56a2659a9
commit 07afb3982b
4 changed files with 86 additions and 26 deletions


@ -15,6 +15,10 @@
# If you want to automate a headless install that requires access to `encrypted_` files and encrypted variables, then # If you want to automate a headless install that requires access to `encrypted_` files and encrypted variables, then
# you can save the decrypted Age key to `~/.config/age/chezmoi.txt` prior to running `bash <(curl -sSL https://install.doctor/start)`. # you can save the decrypted Age key to `~/.config/age/chezmoi.txt` prior to running `bash <(curl -sSL https://install.doctor/start)`.
# #
# Alternatively, you can pass in your Age decryption passphrase in using the `AGE_PASSWORD` environment variable.
# Install Doctor will use this variable along with expect to headlessly automate the password prompt during the
# decryption process.
#
# ## GPG # ## GPG
# #
# It is also possible to configure Chezmoi to utilize GPG instead of Age. This might be beneficial if you want to # It is also possible to configure Chezmoi to utilize GPG instead of Age. This might be beneficial if you want to
@ -28,35 +32,77 @@
{{ includeTemplate "universal/logg-before" }} {{ includeTemplate "universal/logg-before" }}
{{ includeTemplate "universal/profile-before" }} {{ includeTemplate "universal/profile-before" }}
### Only run decryption process if HEADLESS_INSTALL variable is not set ### Handle decryption failure
if [ -z "$HEADLESS_INSTALL" ]; then decryptionFailure() {
### Install Age via Homebrew if not present logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`'
if ! command -v age > /dev/null; then logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG'
if command -v brew > /dev/null; then logg info 'Removing all files that begin with encrypted_ because decryption failed'
logg info 'Running `brew install age`' find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do
brew install age logg info "Removing $ENCRYPTED_FILE"
else rm -f "$ENCRYPTED_FILE"
logg warn '`age` is not installed which is utilized in the decryption process' done
fi }
fi
### Decrypt private key if it is not already present ### Install Age via Homebrew if not present
installAge() {
if command -v brew > /dev/null; then
logg info 'Running `brew install age`'
brew install age
else
logg warn '`age` is not installed which is utilized in the decryption process'
fi
}
### Install Expect via Homebrew if not present
installExpect() {
if command -v brew > /dev/null; then
logg info 'Running `brew install expect`'
brew install expect
else
logg warn '`expect` is not installed which is utilized in the decryption process'
fi
}
### Decrypt private key if it is not already present
decryptKey() {
if command -v age > /dev/null; then if command -v age > /dev/null; then
if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then
mkdir -p "${XDG_CONFIG_HOME}/age" mkdir -p "${XDG_CONFIG_HOME}/age"
logg star '`PRESS ENTER` if you have not set up your encryption token yet' if [ -z "$AGE_PASSWORD" ]; then
age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$? logg star '`PRESS ENTER` if you have not set up your encryption token yet'
if [ -n "$EXIT_CODE" ]; then age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`' if [ -n "$EXIT_CODE" ]; then
logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG' decryptionFailure
logg info 'Removing all files that begin with encrypted_ because decryption failed' else
find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do logg success 'The encryption key was successfully decrypted'
logg info "Removing $ENCRYPTED_FILE" fi
rm -f "$ENCRYPTED_FILE" else
done installExpect
expect -c "set timeout -1
spawn age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "/usr/local/src/install.doctor/home/key.txt.age"
expect \"Enter passphrase:\"
send \"${AGE_PASSWORD}\r\"
expect eof" > /dev/null || EXIT_CODE=$?
if [ -n "$EXIT_CODE" ]; then
logg info 'There was an issue decrypting the `key.txt.age` file with the provided `AGE_PASSWORD`'
decryptionFailure
else
logg info 'The encryption key was successfully decrypted using expect and the provided `AGE_PASSWORD`'
fi
fi fi
fi fi
fi fi
}
### Only run decryption process if HEADLESS_INSTALL variable is not set
if [ -z "$HEADLESS_INSTALL" ]; then
installAge
decryptKey
elif [ -n "$HEADLESS_INSTALL" ] && [ -n "$AGE_PASSWORD" ]; then
installAge
decryptKey
else
logg info 'Skipping Age key decryption process'
fi fi
### Ensure proper permissions on private key ### Ensure proper permissions on private key
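Review bot: The passphrase is interpolated into the `expect -c` script on L70, so it lands on expect's command line (visible in `ps` and in any `set -x` trace) and any `$`, `[`, `"` or `\` in it is interpreted by Tcl before `send` sees it, so such passphrases silently fail the prompt. Let expect read it from the environment instead: `send -- \"\$env(AGE_PASSWORD)\r\"` (the escaped `$` keeps the shell from expanding it; `AGE_PASSWORD` then has to be exported, or the call prefixed as `AGE_PASSWORD="$AGE_PASSWORD" expect -c ...`). The `spawn` line on L68 also hard-codes `/usr/local/src/install.doctor/home/key.txt.age` while the interactive branch on L59 uses `{{ .chezmoi.sourceDir }}/key.txt.age`, so the headless path breaks as soon as the source directory differs; the two should use the same template expression. Separately, `installAge` (L35) and `installExpect` (L44) are headed "if not present" but no longer carry the `command -v` check the removed code had, so `brew install` runs on every invocation; restore it at the call sites, e.g. `command -v age > /dev/null || installAge` on L84 and L87, and `command -v expect > /dev/null || installExpect` on L66.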


@ -14,4 +14,6 @@
// "sonarsource.sonarlint-vscode", Creates a ~/.sonarlint folder. Does not respect XDG spec. // "sonarsource.sonarlint-vscode", Creates a ~/.sonarlint folder. Does not respect XDG spec.
// "sprkldev.sprkl-vscode", Creates a ~/.sprkl folder. Does not respect XDG spec. // "sprkldev.sprkl-vscode", Creates a ~/.sprkl folder. Does not respect XDG spec.
// Creates ~/.console-ninja folder -- needs to respect XDG // Creates ~/.console-ninja folder -- needs to respect XDG
// "wallabyjs.console-ninja", // "wallabyjs.console-ninja",
"gitpod.gitpod-remote-ssh", // Bunch of errors like this during install [gitpod-remote-ssh]: Couldn't find message for key openPreview.
// "leonardssh.vscord", Discord presence plugin (requires embedding key in settings.json)
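Review bot: The entry on L101 is written as a live element, `"gitpod.gitpod-remote-ssh", // Bunch of errors ...`, while every neighbouring entry (L97–L100 and the new L102) is recorded as `// "id", reason`. If this file is parsed as JSONC the extension stays enabled here even though the sibling list removes it; if it is only a notes list, the form should still match the others: `// "gitpod.gitpod-remote-ssh", Bunch of errors like this during install [gitpod-remote-ssh]: Couldn't find message for key openPreview.`. The removal of `logerfo.gitlab-notifications` in the other file has no corresponding entry here, presumably intentional but worth confirming.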


@ -78,7 +78,6 @@
"github.vscode-pull-request-github", "github.vscode-pull-request-github",
"gitlab.gitlab-workflow", "gitlab.gitlab-workflow",
"gitpod.gitpod-desktop", "gitpod.gitpod-desktop",
"gitpod.gitpod-remote-ssh",
"golang.go", "golang.go",
"google-home.google-home-extension", "google-home.google-home-extension",
"googlecloudtools.cloudcode", "googlecloudtools.cloudcode",
@ -115,9 +114,7 @@
"kruemelkatze.vscode-dashboard", "kruemelkatze.vscode-dashboard",
"l13rary.l13-diff", "l13rary.l13-diff",
"lennartlence.chadcommit", "lennartlence.chadcommit",
"leonardssh.vscord",
"llvm-vs-code-extensions.vscode-clangd", "llvm-vs-code-extensions.vscode-clangd",
"logerfo.gitlab-notifications",
"lottiefiles.vscode-lottie", "lottiefiles.vscode-lottie",
"loyieking.smalise", "loyieking.smalise",
"mads-hartmann.bash-ide-vscode", "mads-hartmann.bash-ide-vscode",


@ -35,6 +35,21 @@ export GITLAB_TOKEN="$GL_TOKEN"
### Heroku ### Heroku
export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}" export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}"
### Install Doctor
export HEADLESS_INSTALL=true
export SOFTWARE_GROUP="Full"
export FULL_NAME="Brian Zalewski"
export PRIMARY_EMAIL="help@megabyte.space"
export PUBLIC_SERVICES_DOMAIN="megabyte.space"
export RESTRICTED_ENVIRONMENT=false
export WORK_ENVIRONMENT=false
export HOST="$HOST"
# Set to work environment if Cisco applications are installed (modify this to your liking)
if [ -d /Applications/Cisco ]; then
export WORK_ENVIRONMENT=true
fi
### Megabyte Labs ### Megabyte Labs
export FULLY_AUTOMATED_TASKS=true export FULLY_AUTOMATED_TASKS=true