Brian Zalewski 2023-06-05 04:34:11 +00:00
parent d56a2659a9
commit 07afb3982b
4 changed files with 86 additions and 26 deletions


@ -15,6 +15,10 @@
# If you want to automate a headless install that requires access to `encrypted_` files and encrypted variables, then
# you can save the decrypted Age key to `~/.config/age/chezmoi.txt` prior to running `bash <(curl -sSL https://install.doctor/start)`.
#
# Alternatively, you can pass in your Age decryption passphrase in using the `AGE_PASSWORD` environment variable.
# Install Doctor will use this variable along with expect to headlessly automate the password prompt during the
# decryption process.
#
# ## GPG
#
# It is also possible to configure Chezmoi to utilize GPG instead of Age. This might be beneficial if you want to
@ -28,25 +32,8 @@
{{ includeTemplate "universal/logg-before" }}
{{ includeTemplate "universal/profile-before" }}
### Only run decryption process if HEADLESS_INSTALL variable is not set
if [ -z "$HEADLESS_INSTALL" ]; then
### Install Age via Homebrew if not present
if ! command -v age > /dev/null; then
if command -v brew > /dev/null; then
logg info 'Running `brew install age`'
brew install age
else
logg warn '`age` is not installed which is utilized in the decryption process'
fi
fi
### Decrypt private key if it is not already present
if command -v age > /dev/null; then
if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then
mkdir -p "${XDG_CONFIG_HOME}/age"
logg star '`PRESS ENTER` if you have not set up your encryption token yet'
age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
if [ -n "$EXIT_CODE" ]; then
### Handle decryption failure
decryptionFailure() {
logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`'
logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG'
logg info 'Removing all files that begin with encrypted_ because decryption failed'
@ -54,9 +41,68 @@ if [ -z "$HEADLESS_INSTALL" ]; then
logg info "Removing $ENCRYPTED_FILE"
rm -f "$ENCRYPTED_FILE"
done
}
### Install Age via Homebrew if not present
installAge() {
if command -v brew > /dev/null; then
logg info 'Running `brew install age`'
brew install age
else
logg warn '`age` is not installed which is utilized in the decryption process'
fi
}
### Install Expect via Homebrew if not present
installExpect() {
if command -v brew > /dev/null; then
logg info 'Running `brew install expect`'
brew install expect
else
logg warn '`expect` is not installed which is utilized in the decryption process'
fi
}
### Decrypt private key if it is not already present
decryptKey() {
if command -v age > /dev/null; then
if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then
mkdir -p "${XDG_CONFIG_HOME}/age"
if [ -z "$AGE_PASSWORD" ]; then
logg star '`PRESS ENTER` if you have not set up your encryption token yet'
age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$?
if [ -n "$EXIT_CODE" ]; then
decryptionFailure
else
logg success 'The encryption key was successfully decrypted'
fi
else
installExpect
expect -c "set timeout -1
spawn age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "/usr/local/src/install.doctor/home/key.txt.age"
expect \"Enter passphrase:\"
send \"${AGE_PASSWORD}\r\"
expect eof" > /dev/null || EXIT_CODE=$?
if [ -n "$EXIT_CODE" ]; then
logg info 'There was an issue decrypting the `key.txt.age` file with the provided `AGE_PASSWORD`'
decryptionFailure
else
logg info 'The encryption key was successfully decrypted using expect and the provided `AGE_PASSWORD`'
fi
fi
fi
fi
}
### Only run decryption process if HEADLESS_INSTALL variable is not set
if [ -z "$HEADLESS_INSTALL" ]; then
installAge
decryptKey
elif [ -n "$HEADLESS_INSTALL" ] && [ -n "$AGE_PASSWORD" ]; then
installAge
decryptKey
else
logg info 'Skipping Age key decryption process'
fi
### Ensure proper permissions on private key
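Review bot: The passphrase is spliced into the Tcl script text at L87 (`send \"${AGE_PASSWORD}\r\"`), so it travels on expect's command line, where it is readable in `ps` / `/proc/*/cmdline` by other local users for as long as age runs, and any `"`, `[`, `$` or `\` in the passphrase is interpreted by Tcl instead of being typed into the prompt (a `[...]` sequence is even evaluated as a command). The `|| EXIT_CODE=$?` on L88 also only reports expect's own status: a script that ends in `expect eof` exits 0 even when age rejects the passphrase, so the failure branch at L89-L91 appears unreachable for a wrong `AGE_PASSWORD` and L93 logs success regardless — propagate age's status with `wait`. L85 additionally hard-codes `/usr/local/src/install.doctor/home/key.txt.age` while the interactive branch on L76 uses `{{ .chezmoi.sourceDir }}/key.txt.age`; the two paths should agree. Passing the paths and passphrase through the environment and reading them with `$env(...)` inside a single-quoted script fixes the leak, the injection and the status handling together, as below; `decryptionFailure` (L42) is defined in the preceding hunk.

```shell
          else
            installExpect
            # Paths and passphrase go via the environment: they never appear in
            # expect's argv (visible in `ps`) and Tcl does not re-parse their contents.
            AGE_OUT="${XDG_CONFIG_HOME}/age/chezmoi.txt" \
            AGE_KEY="{{ .chezmoi.sourceDir }}/key.txt.age" \
            AGE_PASSWORD="$AGE_PASSWORD" \
            expect -c 'set timeout -1
              spawn age --decrypt --output $env(AGE_OUT) $env(AGE_KEY)
              expect "Enter passphrase:"
              send -- "$env(AGE_PASSWORD)\r"
              expect eof
              # Exit with age'"'"'s own status so a rejected passphrase is not reported as success
              lassign [wait] pid spawnid os_error status
              exit $status' > /dev/null || EXIT_CODE=$?
            # … unchanged: EXIT_CODE check, decryptionFailure / success logging …
```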


@ -15,3 +15,5 @@
// "sprkldev.sprkl-vscode", Creates a ~/.sprkl folder. Does not respect XDG spec.
// Creates ~/.console-ninja folder -- needs to respect XDG
// "wallabyjs.console-ninja",
"gitpod.gitpod-remote-ssh", // Bunch of errors like this during install [gitpod-remote-ssh]: Couldn't find message for key openPreview.
// "leonardssh.vscord", Discord presence plugin (requires embedding key in settings.json)
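Review bot: L117 `"gitpod.gitpod-remote-ssh"` is the only entry in this hunk without a leading `//`, although its trailing comment gives the same kind of reason for excluding it that the commented-out neighbours on L114 and L118 give. If this file is the list of extensions deliberately kept out of the install (the surrounding lines suggest so, but the file header is not visible here), the line should presumably read `// "gitpod.gitpod-remote-ssh", // Bunch of errors like this during install …`; otherwise it re-adds the id that the other changed extension list drops in this same commit.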


@ -78,7 +78,6 @@
"github.vscode-pull-request-github",
"gitlab.gitlab-workflow",
"gitpod.gitpod-desktop",
"gitpod.gitpod-remote-ssh",
"golang.go",
"google-home.google-home-extension",
"googlecloudtools.cloudcode",
@ -115,9 +114,7 @@
"kruemelkatze.vscode-dashboard",
"l13rary.l13-diff",
"lennartlence.chadcommit",
"leonardssh.vscord",
"llvm-vs-code-extensions.vscode-clangd",
"logerfo.gitlab-notifications",
"lottiefiles.vscode-lottie",
"loyieking.smalise",
"mads-hartmann.bash-ide-vscode",


@ -35,6 +35,21 @@ export GITLAB_TOKEN="$GL_TOKEN"
### Heroku
export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}"
### Install Doctor
export HEADLESS_INSTALL=true
export SOFTWARE_GROUP="Full"
export FULL_NAME="Brian Zalewski"
export PRIMARY_EMAIL="help@megabyte.space"
export PUBLIC_SERVICES_DOMAIN="megabyte.space"
export RESTRICTED_ENVIRONMENT=false
export WORK_ENVIRONMENT=false
export HOST="$HOST"
# Set to work environment if Cisco applications are installed (modify this to your liking)
if [ -d /Applications/Cisco ]; then
export WORK_ENVIRONMENT=true
fi
### Megabyte Labs
export FULLY_AUTOMATED_TASKS=true
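Review bot: The new `export HEADLESS_INSTALL=true`, `export RESTRICTED_ENVIRONMENT=false` and `export WORK_ENVIRONMENT=false` on L147, L152 and L153 assign unconditionally, so a value the user already set before starting the shell is clobbered every time this profile is sourced, and for `WORK_ENVIRONMENT` only the `/Applications/Cisco` check on L156 can turn it back on. Defaulting instead of overwriting keeps the override path open: `export HEADLESS_INSTALL="${HEADLESS_INSTALL:-true}"`, `export RESTRICTED_ENVIRONMENT="${RESTRICTED_ENVIRONMENT:-false}"`, `export WORK_ENVIRONMENT="${WORK_ENVIRONMENT:-false}"`. `export HOST="$HOST"` on L154 only re-exports whatever `HOST` already holds, which is presumably empty under bash (bash sets `HOSTNAME`, not `HOST`), so if the installer reads `HOST` it likely needs a fallback such as `export HOST="${HOST:-$(hostname)}"` — confirm which shells source this file. Note also that with `HEADLESS_INSTALL` now exported for every shell, the installer's headless branch is taken on each run and key decryption is skipped unless `AGE_PASSWORD` is also set.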