Latest
parent
d56a2659a9
commit
07afb3982b
4 changed files with 86 additions and 26 deletions
|
@ -15,6 +15,10 @@
|
||||||
# If you want to automate a headless install that requires access to `encrypted_` files and encrypted variables, then
|
# If you want to automate a headless install that requires access to `encrypted_` files and encrypted variables, then
|
||||||
# you can save the decrypted Age key to `~/.config/age/chezmoi.txt` prior to running `bash <(curl -sSL https://install.doctor/start)`.
|
# you can save the decrypted Age key to `~/.config/age/chezmoi.txt` prior to running `bash <(curl -sSL https://install.doctor/start)`.
|
||||||
#
|
#
|
||||||
|
# Alternatively, you can pass in your Age decryption passphrase in using the `AGE_PASSWORD` environment variable.
|
||||||
|
# Install Doctor will use this variable along with expect to headlessly automate the password prompt during the
|
||||||
|
# decryption process.
|
||||||
|
#
|
||||||
# ## GPG
|
# ## GPG
|
||||||
#
|
#
|
||||||
# It is also possible to configure Chezmoi to utilize GPG instead of Age. This might be beneficial if you want to
|
# It is also possible to configure Chezmoi to utilize GPG instead of Age. This might be beneficial if you want to
|
||||||
|
@ -28,35 +32,77 @@
|
||||||
{{ includeTemplate "universal/logg-before" }}
|
{{ includeTemplate "universal/logg-before" }}
|
||||||
{{ includeTemplate "universal/profile-before" }}
|
{{ includeTemplate "universal/profile-before" }}
|
||||||
|
|
||||||
### Only run decryption process if HEADLESS_INSTALL variable is not set
|
### Handle decryption failure
|
||||||
if [ -z "$HEADLESS_INSTALL" ]; then
|
decryptionFailure() {
|
||||||
### Install Age via Homebrew if not present
|
logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`'
|
||||||
if ! command -v age > /dev/null; then
|
logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG'
|
||||||
if command -v brew > /dev/null; then
|
logg info 'Removing all files that begin with encrypted_ because decryption failed'
|
||||||
logg info 'Running `brew install age`'
|
find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do
|
||||||
brew install age
|
logg info "Removing $ENCRYPTED_FILE"
|
||||||
else
|
rm -f "$ENCRYPTED_FILE"
|
||||||
logg warn '`age` is not installed which is utilized in the decryption process'
|
done
|
||||||
fi
|
}
|
||||||
fi
|
|
||||||
|
|
||||||
### Decrypt private key if it is not already present
|
### Install Age via Homebrew if not present
|
||||||
|
installAge() {
|
||||||
|
if command -v brew > /dev/null; then
|
||||||
|
logg info 'Running `brew install age`'
|
||||||
|
brew install age
|
||||||
|
else
|
||||||
|
logg warn '`age` is not installed which is utilized in the decryption process'
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
### Install Expect via Homebrew if not present
|
||||||
|
installExpect() {
|
||||||
|
if command -v brew > /dev/null; then
|
||||||
|
logg info 'Running `brew install expect`'
|
||||||
|
brew install expect
|
||||||
|
else
|
||||||
|
logg warn '`expect` is not installed which is utilized in the decryption process'
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
### Decrypt private key if it is not already present
|
||||||
|
decryptKey() {
|
||||||
if command -v age > /dev/null; then
|
if command -v age > /dev/null; then
|
||||||
if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then
|
if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then
|
||||||
mkdir -p "${XDG_CONFIG_HOME}/age"
|
mkdir -p "${XDG_CONFIG_HOME}/age"
|
||||||
logg star '`PRESS ENTER` if you have not set up your encryption token yet'
|
if [ -z "$AGE_PASSWORD" ]; then
|
||||||
age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
|
logg star '`PRESS ENTER` if you have not set up your encryption token yet'
|
||||||
if [ -n "$EXIT_CODE" ]; then
|
age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
|
||||||
logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`'
|
if [ -n "$EXIT_CODE" ]; then
|
||||||
logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG'
|
decryptionFailure
|
||||||
logg info 'Removing all files that begin with encrypted_ because decryption failed'
|
else
|
||||||
find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do
|
logg success 'The encryption key was successfully decrypted'
|
||||||
logg info "Removing $ENCRYPTED_FILE"
|
fi
|
||||||
rm -f "$ENCRYPTED_FILE"
|
else
|
||||||
done
|
installExpect
|
||||||
|
expect -c "set timeout -1
|
||||||
|
spawn age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "/usr/local/src/install.doctor/home/key.txt.age"
|
||||||
|
expect \"Enter passphrase:\"
|
||||||
|
send \"${AGE_PASSWORD}\r\"
|
||||||
|
expect eof" > /dev/null || EXIT_CODE=$?
|
||||||
|
if [ -n "$EXIT_CODE" ]; then
|
||||||
|
logg info 'There was an issue decrypting the `key.txt.age` file with the provided `AGE_PASSWORD`'
|
||||||
|
decryptionFailure
|
||||||
|
else
|
||||||
|
logg info 'The encryption key was successfully decrypted using expect and the provided `AGE_PASSWORD`'
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
### Only run decryption process if HEADLESS_INSTALL variable is not set
|
||||||
|
if [ -z "$HEADLESS_INSTALL" ]; then
|
||||||
|
installAge
|
||||||
|
decryptKey
|
||||||
|
elif [ -n "$HEADLESS_INSTALL" ] && [ -n "$AGE_PASSWORD" ]; then
|
||||||
|
installAge
|
||||||
|
decryptKey
|
||||||
|
else
|
||||||
|
logg info 'Skipping Age key decryption process'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
### Ensure proper permissions on private key
|
### Ensure proper permissions on private key
|
||||||
|
|
|
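Review bot: In the new `AGE_PASSWORD` branch of `decryptKey`, the shell interpolates the passphrase into the `expect -c` script text, so it lands in the process argument list and any `"`, `$`, `[` or `\` in it is parsed as Tcl instead of being sent literally. The unescaped inner quotes around the `--output` path also end the outer shell string, leaving both paths unquoted, and the key path is hard-coded where the interactive branch uses `{{ .chezmoi.sourceDir }}`. Because the script stops at `expect eof` without a `wait`, expect most likely exits 0 even when age rejects the passphrase, so `decryptionFailure` would not run and success would be logged. Reading the values from `env` inside a single-quoted script and exiting with the spawned process status addresses all of these. This assumes `AGE_PASSWORD` is exported, as the header comment implies.

```shell
# … unchanged: installExpect call …
AGE_KEY_OUT="${XDG_CONFIG_HOME}/age/chezmoi.txt" \
AGE_KEY_IN="{{ .chezmoi.sourceDir }}/key.txt.age" \
expect -c '
  set timeout -1
  spawn age --decrypt --output $env(AGE_KEY_OUT) $env(AGE_KEY_IN)
  expect "Enter passphrase:"
  send -- "$env(AGE_PASSWORD)\r"
  expect eof
  lassign [wait] pid spawn_id os_error status
  exit $status
' > /dev/null || EXIT_CODE=$?
# … unchanged: EXIT_CODE check, decryptionFailure / success logging …
```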
@ -14,4 +14,6 @@
|
||||||
// "sonarsource.sonarlint-vscode", Creates a ~/.sonarlint folder. Does not respect XDG spec.
|
// "sonarsource.sonarlint-vscode", Creates a ~/.sonarlint folder. Does not respect XDG spec.
|
||||||
// "sprkldev.sprkl-vscode", Creates a ~/.sprkl folder. Does not respect XDG spec.
|
// "sprkldev.sprkl-vscode", Creates a ~/.sprkl folder. Does not respect XDG spec.
|
||||||
// Creates ~/.console-ninja folder -- needs to respect XDG
|
// Creates ~/.console-ninja folder -- needs to respect XDG
|
||||||
// "wallabyjs.console-ninja",
|
// "wallabyjs.console-ninja",
|
||||||
|
"gitpod.gitpod-remote-ssh", // Bunch of errors like this during install [gitpod-remote-ssh]: Couldn't find message for key openPreview.
|
||||||
|
// "leonardssh.vscord", Discord presence plugin (requires embedding key in settings.json)
|
|
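Review bot: The added `"gitpod.gitpod-remote-ssh", // Bunch of errors …` line is the only entry in this block without a leading `//`, so it stays an active entry while every neighbouring entry is commented out with its reason after the name. If the intent is to disable it, as the removal of `"gitpod.gitpod-remote-ssh",` from the other extension list in this commit suggests, write it as `// "gitpod.gitpod-remote-ssh", Bunch of errors like this during install [gitpod-remote-ssh]: Couldn't find message for key openPreview.`. The enclosing array is outside the hunk, so confirm this against the full file.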
@ -78,7 +78,6 @@
|
||||||
"github.vscode-pull-request-github",
|
"github.vscode-pull-request-github",
|
||||||
"gitlab.gitlab-workflow",
|
"gitlab.gitlab-workflow",
|
||||||
"gitpod.gitpod-desktop",
|
"gitpod.gitpod-desktop",
|
||||||
"gitpod.gitpod-remote-ssh",
|
|
||||||
"golang.go",
|
"golang.go",
|
||||||
"google-home.google-home-extension",
|
"google-home.google-home-extension",
|
||||||
"googlecloudtools.cloudcode",
|
"googlecloudtools.cloudcode",
|
||||||
|
@ -115,9 +114,7 @@
|
||||||
"kruemelkatze.vscode-dashboard",
|
"kruemelkatze.vscode-dashboard",
|
||||||
"l13rary.l13-diff",
|
"l13rary.l13-diff",
|
||||||
"lennartlence.chadcommit",
|
"lennartlence.chadcommit",
|
||||||
"leonardssh.vscord",
|
|
||||||
"llvm-vs-code-extensions.vscode-clangd",
|
"llvm-vs-code-extensions.vscode-clangd",
|
||||||
"logerfo.gitlab-notifications",
|
|
||||||
"lottiefiles.vscode-lottie",
|
"lottiefiles.vscode-lottie",
|
||||||
"loyieking.smalise",
|
"loyieking.smalise",
|
||||||
"mads-hartmann.bash-ide-vscode",
|
"mads-hartmann.bash-ide-vscode",
|
||||||
|
|
|
@ -35,6 +35,21 @@ export GITLAB_TOKEN="$GL_TOKEN"
|
||||||
### Heroku
|
### Heroku
|
||||||
export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}"
|
export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}"
|
||||||
|
|
||||||
|
### Install Doctor
|
||||||
|
export HEADLESS_INSTALL=true
|
||||||
|
export SOFTWARE_GROUP="Full"
|
||||||
|
export FULL_NAME="Brian Zalewski"
|
||||||
|
export PRIMARY_EMAIL="help@megabyte.space"
|
||||||
|
export PUBLIC_SERVICES_DOMAIN="megabyte.space"
|
||||||
|
export RESTRICTED_ENVIRONMENT=false
|
||||||
|
export WORK_ENVIRONMENT=false
|
||||||
|
export HOST="$HOST"
|
||||||
|
|
||||||
|
# Set to work environment if Cisco applications are installed (modify this to your liking)
|
||||||
|
if [ -d /Applications/Cisco ]; then
|
||||||
|
export WORK_ENVIRONMENT=true
|
||||||
|
fi
|
||||||
|
|
||||||
### Megabyte Labs
|
### Megabyte Labs
|
||||||
export FULLY_AUTOMATED_TASKS=true
|
export FULLY_AUTOMATED_TASKS=true
|
||||||
|
|
||||||
|
|
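Review bot: The new `### Install Doctor` exports assign unconditionally, so a value the caller already exported (for example `HEADLESS_INSTALL`, `FULL_NAME` or `PRIMARY_EMAIL`) is overwritten with one maintainer's defaults whenever this file is sourced. With `HEADLESS_INSTALL=true` forced, the interactive prompt branch of the decryption script in this commit appears unreachable from such a shell, leaving `AGE_PASSWORD` in the environment as the only route to decryption. Consider overridable defaults such as `export HEADLESS_INSTALL="${HEADLESS_INSTALL:-true}"` and `export FULL_NAME="${FULL_NAME:-Brian Zalewski}"`. `export HOST="$HOST"` only re-exports the current value and would benefit from a comment saying why it is needed. Where this file is sourced is not visible from the hunk.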