Update dotfiles/.config/age/run_once_before_decrypt-private-key.sh.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiexternal.toml, dotfiles/.local/share/chezmoi/home/.chezmoitemplates/darwin/Brewfile, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/fedora/run_onchange_before_10-install-fedora-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/freebsd/run_onchange_before_11-install-freebsd-packages.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/opensuse/run_onchange_before_11-install-opensuse-software.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/ubuntu/run_onchange_before_10_install-ubuntu-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/centos/run_onchange_before_10-install-centos-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/archlinux/run_onchange_before_10_install-archlinux-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/debian/run_onchange_before_10-install-debian-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/_universal/run_onchange_before_90-install-packages.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/_universal/run_onchange_before_91-configure-gpg.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoidata.yml
parent
78b98495c7
commit
262e0d64b7
14 changed files with 114 additions and 6 deletions
|
@ -7,7 +7,7 @@ fi
|
|||
|
||||
if [ -f "{{ .chezmoi.sourceDir }}/key.txt.age" ]; then
|
||||
# TODO
|
||||
logg 'Decrypting'
|
||||
logg 'Decrypting age key'
|
||||
age --decrypt --output "$HOME/.config/age/key.txt" "{{ .chezmoi.sourceDir }}/key.txt.age"
|
||||
chmod 600 "$HOME/.config/age/key.txt"
|
||||
fi
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
{{- $email := "noreply@megabyte.space" -}}
|
||||
{{- $restricted := false -}}
|
||||
{{- $work := false -}}
|
||||
{{- $gpgKeyId := "0xF0A300E4199A1C33" -}}
|
||||
{{- $gmailAddress := "noreply@gmail.com" -}}
|
||||
{{- $gmailAddressAppPassword := "" -}}
|
||||
{{- $domain := "megabyte.space" -}}
|
||||
|
@ -98,6 +99,7 @@
|
|||
{{- $_ := set $toolchainsEnabled $toolchain $enabled }}
|
||||
{{- end }}
|
||||
|
||||
{{- $gpgKeyId = promptStringOnce $data.user "gpgKeyId" "Public GPG key ID" $gpgKeyId -}}
|
||||
{{- $domain = promptStringOnce $data.user "domain" "Domain" $domain -}}
|
||||
{{- $timezone = promptStringOnce $data.user "timezone" "Timezone" $timezone -}}
|
||||
{{- $cloudflareUsername = promptStringOnce $data.user "cloudflareUsername" "CloudFlare E-Mail" $email -}}
|
||||
|
@ -117,11 +119,9 @@
|
|||
{{- writeToStdout "Chezmoi is running in headless environment.\n" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if not $headless -}}
|
||||
age:
|
||||
identity: "{{ .chezmoi.homeDir }}/.config/age/key.txt"
|
||||
recipient: "age16kxd4ljclq9ksnxvl2ee7a5xnj744kwyv04p04ka0n3rzxdpl5nsq52svl"
|
||||
{{- end }}
|
||||
encryption: gpg
|
||||
gpg:
|
||||
recipient: "..."
|
||||
data:
|
||||
host:
|
||||
arch: "{{ .chezmoi.arch }}"
|
||||
|
@ -147,6 +147,8 @@ data:
|
|||
name: "{{ $name }}"
|
||||
username: "{{ output "echo" "$USER" }}
|
||||
domain: "{{ $domain }}"
|
||||
gpg:
|
||||
id: "{{ $gpgKeyId }}"
|
||||
gmailAddress: "{{ $gmailAddress }}"
|
||||
gmailAddressAppPassword: "{{ $gmailAddressAppPassword }}"
|
||||
githubUsername: "{{ $githubUsername }}"
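Review bot: The added `gpg:` block sets `recipient: "..."`, a literal placeholder, so with `encryption: gpg` chezmoi would be told to encrypt to a recipient that does not exist. The prompted value is already in scope, so the line could read `recipient: "{{ $gpgKeyId }}"`. The same hunk drops the `age:` identity and recipient while the decrypt script in this commit still writes `~/.config/age/key.txt`, so source files still encrypted with age would presumably no longer be readable by chezmoi; confirm they were re-encrypted. The default `$gpgKeyId` is a 64-bit key ID, and a full fingerprint is the safer identifier for an encryption recipient.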
|
||||
|
|
|
@ -14,3 +14,5 @@ colors:
|
|||
color12:
|
||||
color13:
|
||||
color14:
|
||||
config:
|
||||
gpg: https://raw.githubusercontent.com/drduh/config/master/gpg.conf
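Review bot: `config.gpg` points at the `master` branch of a third-party repository, so the content that ends up as `~/.gnupg/gpg.conf` can change without any change in this repo. Pinning the URL to a reviewed commit, e.g. `gpg: https://raw.githubusercontent.com/drduh/config/<commit-sha>/gpg.conf` (placeholder), keeps the hardened settings reproducible and reviewable. The same URL is added as the `.gnupg/gpg.conf` external in this commit and has the same issue.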
|
||||
|
|
|
@ -87,6 +87,12 @@
|
|||
url = "https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
|
||||
### GPG
|
||||
[".gnupg/gpg.conf"]
|
||||
type = "file"
|
||||
url = "https://raw.githubusercontent.com/drduh/config/master/gpg.conf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
|
||||
### Taskfiles
|
||||
[".local/src/shared-common"]
|
||||
type = "git-repo"
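Review bot: `.gnupg/gpg.conf` now has two writers: this external, which re-downloads on every `refreshPeriod`, and the new configure-gpg script, which fetches the same URL with curl when the file is missing. Keeping only the external would let the download be verified, since chezmoi file externals accept a checksum, e.g. `checksum.sha256 = "<sha256-of-reviewed-file>"` (placeholder) under the `[".gnupg/gpg.conf"]` entry. A checksum only stays valid if the URL is pinned to a commit rather than `master`.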
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,25 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
{{- includeTemplate "universal/profile" }}
|
||||
{{- includeTemplate "universal/logg" }}
|
||||
|
||||
KEYID={{ .user.gpg.id }}
|
||||
|
||||
if command -v gpg > /dev/null; then
|
||||
if [ -d "$HOME/.gnupg" ]; then
|
||||
logg 'Backing up the current ~/.gnupg to ~/.gnupg.bak'
|
||||
cp -rf "$HOME/.gnupg" "$HOME/.gnupg.bak"
|
||||
fi
|
||||
if [ ! -f "$HOME/.gnupg/gpg.conf ]; then
|
||||
logg 'Downloading hardened gpg.conf file to ~/.gpnupg/gpg.conf'
|
||||
mkdir -p "$HOME/.gnupg
|
||||
curl -sSL {{ .config.gpg }} > "$HOME/.gnupg/gpg.conf"
|
||||
chmod 600 "$HOME/.gnupg/gpg.conf
|
||||
fi
|
||||
logg 'Attempting to download the specified public GPG key ({{ .user.gpg.id }}) from public keyservers'
|
||||
gpg --recv "$KEYID"
|
||||
logg 'Automatically setting the trust of the public GPG key to maximum'
|
||||
echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
|
||||
else
|
||||
logg warn '`gpg` is unavailable in the PATH'
|
||||
fi
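Review bot: The last two commands give ultimate ownertrust to whatever key a public keyserver returns for `$KEYID`, and the default added in this commit is a 64-bit key ID rather than a full fingerprint, so nothing checks that the imported key is the intended one before `trust 5` is applied. Three added lines also have an unterminated double quote (the `[ ! -f "$HOME/.gnupg/gpg.conf ]` test, the `mkdir -p`, and the second `chmod 600`), which leaves the script unparseable as written. The `curl -sSL … >` download has no `-f`, so an HTTP error body would be saved as gpg.conf, and `KEYID={{ .user.gpg.id }}` is rendered unquoted from a prompted value. The log line also misspells the path as `~/.gpnupg/gpg.conf`. The fence sketches the download with balanced quotes and a fingerprint comparison before trust is set, assuming `.user.gpg.id` is changed to hold the full fingerprint.

```shell
KEYID='{{ .user.gpg.id }}'
# … unchanged: gpg availability check and ~/.gnupg backup …
  if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
    logg 'Downloading hardened gpg.conf file to ~/.gnupg/gpg.conf'
    mkdir -p "$HOME/.gnupg"
    chmod 700 "$HOME/.gnupg"
    curl -fsSL '{{ .config.gpg }}' -o "$HOME/.gnupg/gpg.conf"
    chmod 600 "$HOME/.gnupg/gpg.conf"
  fi
  # … unchanged: logg line announcing the keyserver download …
  gpg --recv-keys "$KEYID"
  # Trust the key only when the imported fingerprint equals the configured one
  FPR="$(gpg --with-colons --fingerprint "$KEYID" | awk -F: '/^fpr:/ { print $10; exit }')"
  if [ -n "$FPR" ] && [ "$FPR" = "${KEYID#0x}" ]; then
    logg 'Setting the trust of the verified public GPG key to ultimate'
    echo "$FPR:6:" | gpg --import-ownertrust
  else
    logg warn 'Imported key fingerprint does not match the configured value; leaving trust unchanged'
  fi
```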
|
|
@ -3,6 +3,16 @@
|
|||
{{- includeTemplate "universal/logg" }}
|
||||
|
||||
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
|
||||
{{- $gpgDependencies := list
|
||||
gnupg2
|
||||
gnupg-agent
|
||||
gnupg-curl
|
||||
scdaemon
|
||||
pcscd
|
||||
-}}
|
||||
{{- if .toolchains.gpg }}
|
||||
{{- $packages = concat $packages $gpgDependencies -}}
|
||||
{{- end }}
|
||||
{{- $pyenvDependencies := list
|
||||
"base-devel"
|
||||
"openssl"
|
||||
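Review bot: The entries passed to `list` in `$gpgDependencies` are bare words, unlike the quoted strings in `$pyenvDependencies` just below, so the template parser will read `gnupg2` as a function name and is likely to reject `gnupg-agent` outright; each entry should be a string, e.g. `"gnupg2"`, `"gnupg-agent"`. The identical block is added to the other six distro install scripts in this commit and needs the same fix. The names also look Debian-specific (`gnupg-agent`, `gnupg-curl`, `pcscd`), so they probably need per-distro equivalents for the pacman, `dnf`, `pkg` and `zypper` scripts; verify against each package index. Whether `.toolchains.gpg` is defined is not visible in these hunks.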
|
|
|
@ -4,6 +4,16 @@
|
|||
|
||||
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
|
||||
# TODO - Add Python dependencies like in ubuntu/archlinux
|
||||
{{- $gpgDependencies := list
|
||||
gnupg2
|
||||
gnupg-agent
|
||||
gnupg-curl
|
||||
scdaemon
|
||||
pcscd
|
||||
-}}
|
||||
{{- if .toolchains.gpg }}
|
||||
{{- $packages = concat $packages $gpgDependencies -}}
|
||||
{{- end }}
|
||||
|
||||
logg 'Installing common dependencies using `dnf`'
|
||||
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'
|
||||
|
|
|
@ -3,6 +3,16 @@
|
|||
{{- includeTemplate "universal/logg" }}
|
||||
|
||||
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) -}}
|
||||
{{- $gpgDependencies := list
|
||||
gnupg2
|
||||
gnupg-agent
|
||||
gnupg-curl
|
||||
scdaemon
|
||||
pcscd
|
||||
-}}
|
||||
{{- if .toolchains.gpg }}
|
||||
{{- $packages = concat $packages $gpgDependencies -}}
|
||||
{{- end }}
|
||||
{{- $pyenvDependencies := list
|
||||
"make"
|
||||
"build-essential"
|
||||
|
|
|
@ -4,6 +4,16 @@
|
|||
|
||||
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
|
||||
# TODO - Add Python dependencies like in ubuntu/archlinux
|
||||
{{- $gpgDependencies := list
|
||||
gnupg2
|
||||
gnupg-agent
|
||||
gnupg-curl
|
||||
scdaemon
|
||||
pcscd
|
||||
-}}
|
||||
{{- if .toolchains.gpg }}
|
||||
{{- $packages = concat $packages $gpgDependencies -}}
|
||||
{{- end }}
|
||||
|
||||
logg 'Installing common dependencies using `dnf`'
|
||||
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'
|
||||
|
|
|
@ -4,6 +4,16 @@
|
|||
|
||||
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
|
||||
# TODO - Add Python dependencies like in ubuntu/archlinux
|
||||
{{- $gpgDependencies := list
|
||||
gnupg2
|
||||
gnupg-agent
|
||||
gnupg-curl
|
||||
scdaemon
|
||||
pcscd
|
||||
-}}
|
||||
{{- if .toolchains.gpg }}
|
||||
{{- $packages = concat $packages $gpgDependencies -}}
|
||||
{{- end }}
|
||||
|
||||
logg 'Installing common dependencies using `pkg`'
|
||||
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'
|
||||
|
|
|
@ -4,6 +4,16 @@
|
|||
|
||||
{{- $packages := splitList " " (includeTemplate "universal/essential-packages" .) }}
|
||||
# TODO - Add Python dependencies like in ubuntu/archlinux
|
||||
{{- $gpgDependencies := list
|
||||
gnupg2
|
||||
gnupg-agent
|
||||
gnupg-curl
|
||||
scdaemon
|
||||
pcscd
|
||||
-}}
|
||||
{{- if .toolchains.gpg }}
|
||||
{{- $packages = concat $packages $gpgDependencies -}}
|
||||
{{- end }}
|
||||
|
||||
logg 'Installing common dependencies using `zypper`'
|
||||
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'
|
||||
|
|
|
@ -25,6 +25,16 @@
|
|||
{{- if .toolchains.python }}
|
||||
{{- $packages = concat $packages $pyenvDependencies -}}
|
||||
{{- end }}
|
||||
{{- $gpgDependencies := list
|
||||
gnupg2
|
||||
gnupg-agent
|
||||
gnupg-curl
|
||||
scdaemon
|
||||
pcscd
|
||||
-}}
|
||||
{{- if .toolchains.gpg }}
|
||||
{{- $packages = concat $packages $gpgDependencies -}}
|
||||
{{- end }}
|
||||
|
||||
logg 'Installing common dependencies using `apt-get`'
|
||||
logg info 'Dependencies: {{ $packages | sortAlpha | uniq | join " " -}}'
|
||||
|
|
|
@ -31,6 +31,8 @@ if OS.mac?
|
|||
brew "grep"
|
||||
brew "m-cli"
|
||||
end
|
||||
# Required for GPG encryption
|
||||
brew "gnupg"
|
||||
# Required for logging (already installed but installing again so Homebrew can manage them)
|
||||
brew "glow"
|
||||
brew "gum"
|
||||
|
|