Update dotfiles/.config/age/run_once_before_decrypt-private-key.sh.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiexternal.toml, dotfiles/.local/share/chezmoi/home/.chezmoitemplates/darwin/Brewfile, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/fedora/run_onchange_before_10-install-fedora-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/freebsd/run_onchange_before_11-install-freebsd-packages.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/opensuse/run_onchange_before_11-install-opensuse-software.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/ubuntu/run_onchange_before_10_install-ubuntu-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/centos/run_onchange_before_10-install-centos-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/archlinux/run_onchange_before_10_install-archlinux-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/debian/run_onchange_before_10-install-debian-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/_universal/run_onchange_before_90-install-packages.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/_universal/run_onchange_before_91-configure-gpg.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoidata.yml

This commit is contained in:
Brian Zalewski 2022-11-27 17:46:53 +00:00
parent 78b98495c7
commit 262e0d64b7
14 changed files with 114 additions and 6 deletions


@ -7,7 +7,7 @@ fi
if [ -f "{{ .chezmoi.sourceDir }}/key.txt.age" ]; then
# TODO
logg 'Decrypting'
logg 'Decrypting age key'
age --decrypt --output "$HOME/.config/age/key.txt" "{{ .chezmoi.sourceDir }}/key.txt.age"
chmod 600 "$HOME/.config/age/key.txt"
fi
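Review bot: The key file is written by `age --decrypt` before `chmod 600` runs, so unless age itself creates the output with restrictive permissions (which this script does not rely on) the file exists briefly with the umask-default mode, and if decryption fails the chmod then hits a missing file. Creating it under a restrictive umask removes both problems: `(umask 077 && age --decrypt --output "$HOME/.config/age/key.txt" "{{ .chezmoi.sourceDir }}/key.txt.age")`, after which the separate `chmod 600` is redundant but harmless. The bare `# TODO` above the logg call says nothing about what is pending; either state it (`# TODO: <what is missing>`) or drop it. The surrounding script continues outside the hunk.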


@ -2,6 +2,7 @@
{{- $email := "noreply@megabyte.space" -}}
{{- $restricted := false -}}
{{- $work := false -}}
{{- $gpgKeyId := "0xF0A300E4199A1C33" -}}
{{- $gmailAddress := "noreply@gmail.com" -}}
{{- $gmailAddressAppPassword := "" -}}
{{- $domain := "megabyte.space" -}}
@ -98,6 +99,7 @@
{{- $_ := set $toolchainsEnabled $toolchain $enabled }}
{{- end }}
{{- $gpgKeyId = promptStringOnce $data.user "gpgKeyId" "Public GPG key ID" $gpgKeyId -}}
{{- $domain = promptStringOnce $data.user "domain" "Domain" $domain -}}
{{- $timezone = promptStringOnce $data.user "timezone" "Timezone" $timezone -}}
{{- $cloudflareUsername = promptStringOnce $data.user "cloudflareUsername" "CloudFlare E-Mail" $email -}}
@ -117,11 +119,9 @@
{{- writeToStdout "Chezmoi is running in headless environment.\n" -}}
{{- end -}}
{{- if not $headless -}}
age:
identity: "{{ .chezmoi.homeDir }}/.config/age/key.txt"
recipient: "age16kxd4ljclq9ksnxvl2ee7a5xnj744kwyv04p04ka0n3rzxdpl5nsq52svl"
{{- end }}
encryption: gpg
gpg:
recipient: "..."
data:
host:
arch: "{{ .chezmoi.arch }}"
@ -147,6 +147,8 @@ data:
name: "{{ $name }}"
username: "{{ output "echo" "$USER" }}
domain: "{{ $domain }}"
gpg:
id: "{{ $gpgKeyId }}"
gmailAddress: "{{ $gmailAddress }}"
gmailAddressAppPassword: "{{ $gmailAddressAppPassword }}"
githubUsername: "{{ $githubUsername }}"
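Review bot: `$gpgKeyId` from `promptStringOnce` is accepted as-is, and this commit's configure-gpg script interpolates it unquoted into a shell assignment and passes it to `gpg --recv` and `--edit-key`, so a stray space or shell metacharacter in the answer breaks or alters that script. Since this template is where the value enters, validate it here, e.g. `{{- if not (regexMatch "^(0x)?[0-9A-Fa-f]{16,64}$" $gpgKeyId) }}{{ fail "gpgKeyId must be a long key ID or full fingerprint" }}{{ end -}}` after the prompt, and make the prompt text say which form is expected (`"Public GPG key fingerprint (full 40-hex preferred)"`), because the downstream script grants trust to whatever a keyserver returns for this value. Whether the `age:` block should be omitted entirely in headless mode (the `{{- if not $headless -}}` hunk) is not something I can tell from here; if encrypted files are expected to apply headlessly the identity path would still be needed. Unrelated to this commit but visible in context, `username: "{{ output "echo" "$USER" }}` appears to be missing its closing quote.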


@ -14,3 +14,5 @@ colors:
color12:
color13:
color14:
config:
gpg: https://raw.githubusercontent.com/drduh/config/master/gpg.conf
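Review bot: `config.gpg` points at the `master` branch of a third-party repository, so the gpg.conf written into `~/.gnupg` (keyserver, cipher preferences and other security-relevant settings) changes whenever that branch moves, with nothing here detecting it. Pin the reference to a specific commit, `gpg: https://raw.githubusercontent.com/drduh/config/<COMMIT_SHA>/gpg.conf`, and consider recording a checksum that the download is verified against before it is installed. The same unpinned URL is repeated in this commit's `.chezmoiexternal.toml` entry for `.gnupg/gpg.conf`; since that file is already templated it can reference `{{ .config.gpg }}` so the two cannot drift.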


@ -87,6 +87,12 @@
url = "https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim"
refreshPeriod = "{{ $refreshPeriod }}"
### GPG
[".gnupg/gpg.conf"]
type = "file"
url = "https://raw.githubusercontent.com/drduh/config/master/gpg.conf"
refreshPeriod = "{{ $refreshPeriod }}"
### Taskfiles
[".local/src/shared-common"]
type = "git-repo"
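Review bot: This external makes chezmoi fetch and manage `~/.gnupg/gpg.conf` on every `refreshPeriod`, while the configure-gpg script added in the same commit also downloads the same file with curl when it is missing; the two will overwrite each other, and any local edits to gpg.conf are silently lost on the next refresh. Keep one mechanism — if the external stays, the curl branch in the script can go, and the script only needs to ensure the directory exists with `chmod 700 "$HOME/.gnupg"`, which gpg expects. I cannot tell from here what mode chezmoi applies to the external file, so confirm the resulting gpg.conf permissions once. The `url` duplicates the `config.gpg` value in `.chezmoidata.yml`; as this file is already templated, `url = "{{ .config.gpg }}"` keeps them in sync.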


@ -0,0 +1,25 @@
#!/usr/bin/env bash
{{- includeTemplate "universal/profile" }}
{{- includeTemplate "universal/logg" }}
KEYID={{ .user.gpg.id }}
if command -v gpg > /dev/null; then
if [ -d "$HOME/.gnupg" ]; then
logg 'Backing up the current ~/.gnupg to ~/.gnupg.bak'
cp -rf "$HOME/.gnupg" "$HOME/.gnupg.bak"
fi
if [ ! -f "$HOME/.gnupg/gpg.conf ]; then
logg 'Downloading hardened gpg.conf file to ~/.gpnupg/gpg.conf'
mkdir -p "$HOME/.gnupg
curl -sSL {{ .config.gpg }} > "$HOME/.gnupg/gpg.conf"
chmod 600 "$HOME/.gnupg/gpg.conf
fi
logg 'Attempting to download the specified public GPG key ({{ .user.gpg.id }}) from public keyservers'
gpg --recv "$KEYID"
logg 'Automatically setting the trust of the public GPG key to maximum'
echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
else
logg warn '`gpg` is unavailable in the PATH'
fi
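Review bot: Three of the new lines are unterminated strings — `if [ ! -f "$HOME/.gnupg/gpg.conf ]; then`, `mkdir -p "$HOME/.gnupg` and `chmod 600 "$HOME/.gnupg/gpg.conf` — so bash rejects the script before anything runs. Beyond that, `gpg --recv "$KEYID"` followed unconditionally by `trust\n5\ny` grants ultimate ownertrust to whatever the keyserver returned for the ID (or to a key of that ID already in the keyring when the fetch failed); the trust step should be gated on a successful fetch, and since the default in `.chezmoi.yaml.tmpl` is a 16-hex long ID, the configured value should be the full fingerprint so that a different key sharing the ID cannot satisfy `--recv`. `KEYID={{ .user.gpg.id }}` and `curl -sSL {{ .config.gpg }}` are unquoted, `curl` without `-f` writes an HTTP error page into gpg.conf, and the file is created under the default umask before the chmod; the rewrite below addresses these and fixes the `~/.gpnupg` typo in the log line. `cp -rf "$HOME/.gnupg" "$HOME/.gnupg.bak"` copies into the existing backup directory on a second run rather than replacing it, which may or may not be intended.
```shell
KEYID="{{ .user.gpg.id }}"
# … unchanged: gpg availability check and ~/.gnupg backup …
  if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
    logg 'Downloading hardened gpg.conf file to ~/.gnupg/gpg.conf'
    mkdir -p "$HOME/.gnupg"
    chmod 700 "$HOME/.gnupg"
    # -f: fail on HTTP errors instead of saving the error page as gpg.conf;
    # umask 077: the file is 0600 from creation, not only after a later chmod
    (umask 077 && curl -fsSL "{{ .config.gpg }}" > "$HOME/.gnupg/gpg.conf")
  fi
  logg 'Attempting to download the specified public GPG key ({{ .user.gpg.id }}) from public keyservers'
  if gpg --recv "$KEYID"; then
    # Only reached when the keyserver returned a key for this ID; with a full
    # fingerprint configured, gpg matches on the fingerprint rather than the 64-bit ID
    logg 'Automatically setting the trust of the public GPG key to maximum'
    echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
  else
    logg warn "Could not retrieve $KEYID from the keyserver; leaving ownertrust unchanged"
  fi
# … unchanged: else branch warning that gpg is not in PATH …
```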


@ -3,6 +3,16 @@
{{- includeTemplate "universal/logg" }}
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
{{- $gpgDependencies := list
gnupg2
gnupg-agent
gnupg-curl
scdaemon
pcscd
-}}
{{- if .toolchains.gpg }}
{{- $packages = concat $packages $gpgDependencies -}}
{{- end }}
{{- $pyenvDependencies := list
"base-devel"
"openssl"
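Review bot: The new `list` arguments are bare words — `gnupg2`, `gnupg-agent` and so on — whereas every other list in these files quotes its elements (`"base-devel"`, `"openssl"` right below); in Go templates a bare `gnupg-agent` is not a valid operand, so I expect the template to fail to parse, which would abort the run for each of the seven install scripts touched by this commit (the centos, debian, fedora, freebsd, opensuse and ubuntu hunks share the same lines). Quote them: `{{- $gpgDependencies := list "gnupg2" "gnupg-agent" "gnupg-curl" "scdaemon" "pcscd" -}}`. The identical list is then fed to apt, dnf, pkg, pacman and zypper, but package names differ per distribution — as far as I know Arch ships `gnupg` rather than `gnupg2`, and Debian/Ubuntu dropped `gnupg-curl` several releases ago — so each copy should use its own distribution's names, or the install step should tolerate an unknown package rather than fail the whole dependency install. The enclosing template continues outside the hunk.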


@ -4,6 +4,16 @@
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
# TODO - Add Python dependencies like in ubuntu/archlinux
{{- $gpgDependencies := list
gnupg2
gnupg-agent
gnupg-curl
scdaemon
pcscd
-}}
{{- if .toolchains.gpg }}
{{- $packages = concat $packages $gpgDependencies -}}
{{- end }}
logg 'Installing common dependencies using `dnf`'
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'


@ -3,6 +3,16 @@
{{- includeTemplate "universal/logg" }}
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) -}}
{{- $gpgDependencies := list
gnupg2
gnupg-agent
gnupg-curl
scdaemon
pcscd
-}}
{{- if .toolchains.gpg }}
{{- $packages = concat $packages $gpgDependencies -}}
{{- end }}
{{- $pyenvDependencies := list
"make"
"build-essential"


@ -4,6 +4,16 @@
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
# TODO - Add Python dependencies like in ubuntu/archlinux
{{- $gpgDependencies := list
gnupg2
gnupg-agent
gnupg-curl
scdaemon
pcscd
-}}
{{- if .toolchains.gpg }}
{{- $packages = concat $packages $gpgDependencies -}}
{{- end }}
logg 'Installing common dependencies using `dnf`'
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'


@ -4,6 +4,16 @@
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
# TODO - Add Python dependencies like in ubuntu/archlinux
{{- $gpgDependencies := list
gnupg2
gnupg-agent
gnupg-curl
scdaemon
pcscd
-}}
{{- if .toolchains.gpg }}
{{- $packages = concat $packages $gpgDependencies -}}
{{- end }}
logg 'Installing common dependencies using `pkg`'
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'


@ -4,6 +4,16 @@
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
# TODO - Add Python dependencies like in ubuntu/archlinux
{{- $gpgDependencies := list
gnupg2
gnupg-agent
gnupg-curl
scdaemon
pcscd
-}}
{{- if .toolchains.gpg }}
{{- $packages = concat $packages $gpgDependencies -}}
{{- end }}
logg 'Installing common dependencies using `zypper`'
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'


@ -25,6 +25,16 @@
{{- if .toolchains.python }}
{{- $packages = concat $packages $pyenvDependencies -}}
{{- end }}
{{- $gpgDependencies := list
gnupg2
gnupg-agent
gnupg-curl
scdaemon
pcscd
-}}
{{- if .toolchains.gpg }}
{{- $packages = concat $packages $gpgDependencies -}}
{{- end }}
logg 'Installing common dependencies using `apt-get`'
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'


@ -31,6 +31,8 @@ if OS.mac?
brew "grep"
brew "m-cli"
end
# Required for GPG encryption
brew "gnupg"
# Required for logging (already installed but installing again so Homebrew can manage them)
brew "glow"
brew "gum"
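Review bot: `brew "gnupg"` is added unconditionally, while every Linux install script in this commit adds its GPG packages only under `{{- if .toolchains.gpg }}`; since this Brewfile lives under `.chezmoitemplates` and is rendered as a template, wrapping it the same way keeps the toolchain toggle meaningful on macOS: `{{- if .toolchains.gpg }}` / `brew "gnupg"` / `{{- end }}`. I cannot see whether this Brewfile already uses template actions elsewhere, so confirm that before relying on it; if it does not, say so in the comment so the inconsistency with the Linux scripts is deliberate.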