Update dotfiles/.local/share/chezmoi/home/.chezmoiscripts/_universal/run_onchange_before_91-configure-gpg.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/darwin/run_onchange_before_10_install-darwin-dependencies.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiscripts/_universal/run_once_before_decrypt-age-key.tmpl, dotfiles/.local/share/chezmoi/home/.chezmoiignore, dotfiles/.local/share/chezmoi/home/chezmoi.txt.age
This commit is contained in:
parent
908fb72da9
commit
263720fd94
6 changed files with 35 additions and 17 deletions
|
@ -118,7 +118,10 @@
|
|||
{{- writeToStdout "Chezmoi is running in headless environment.\n" -}}
|
||||
{{- end -}}
|
||||
|
||||
encryption: "gpg"
|
||||
encryption = "age"
|
||||
age:
|
||||
identity = "{{ .chezmoi.homeDir }}/.config/age/chezmoi.txt"
|
||||
recipient = "age1necy24c4lzxheey4p2m8v4q000n442wyv47qc640ulyxx9l8dpesdqv7ey"
|
||||
gpg:
|
||||
recipient: "{{ $gpgKeyId }}"
|
||||
data:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
key.txt.age
|
||||
chezmoi.txt.age
|
||||
.chezmoiscripts/**/*
|
||||
!.chezmoiscripts/{{ .host.distro.id }}/**/*
|
||||
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/sh
|
||||
|
||||
XDG_CONFIG_HOME="$HOME/.config"
|
||||
|
||||
if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then
|
||||
mkdir -p "${XDG_CONFIG_HOME}/age"
|
||||
age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/chezmoi.txt.age"
|
||||
chmod 600 "${XDG_CONFIG_HOME}/age/chezmoi.txt"
|
||||
fi
|
|
@ -3,23 +3,29 @@
|
|||
{{- includeTemplate "universal/profile" }}
|
||||
{{- includeTemplate "universal/logg" }}
|
||||
|
||||
KEYID={{ .user.gpg.id }}
|
||||
KEYID="{{ .user.gpg.id }}"
|
||||
|
||||
if command -v gpg > /dev/null; then
|
||||
if [ -d "$HOME/.gnupg" ]; then
|
||||
logg 'Backing up the current ~/.gnupg to ~/.gnupg.bak'
|
||||
cp -rf "$HOME/.gnupg" "$HOME/.gnupg.bak"
|
||||
if [ -n "$KEYID" ] && command -v gpg > /dev/null; then
|
||||
if [ ! -d "$HOME/.gnupg" ]; then
|
||||
mkdir "$HOME/.gnupg"
|
||||
fi
|
||||
if [ ! -f "$HOME/.gnupg/gpg.conf ]; then
|
||||
chown -R "$(whoami)" "$HOME/.gnupg/"
|
||||
find "$HOME/.gnupg" -type f -exec chmod 600 {} \;
|
||||
find "$HOME/.gnupg" -type d -exec chmod 700 {} \;
|
||||
if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
|
||||
logg 'Downloading hardened gpg.conf file to ~/.gpnupg/gpg.conf'
|
||||
mkdir -p "$HOME/.gnupg
|
||||
curl -sSL {{ .config.gpg }} > "$HOME/.gnupg/gpg.conf"
|
||||
chmod 600 "$HOME/.gnupg/gpg.conf
|
||||
curl -sSL "{{ .config.gpg }}" > "$HOME/.gnupg/gpg.conf"
|
||||
chmod 600 "$HOME/.gnupg/gpg.conf"
|
||||
fi
|
||||
logg 'Attempting to download the specified public GPG key ({{ .user.gpg.id }}) from public keyservers'
|
||||
KEYID_TRIMMED="$(echo "$KEYID" | sed 's/^0x//')"
|
||||
if ! gpg --list-secret-keys --keyid-format=long | grep "$KEYID_TRIMMED" > /dev/null; then
|
||||
logg info 'Attempting to download the specified public GPG key (`{{ .user.gpg.id }}`) from public keyservers'
|
||||
gpg --recv "$KEYID"
|
||||
logg 'Automatically setting the trust of the public GPG key to maximum'
|
||||
else
|
||||
logg info 'Key is already in keyring'
|
||||
fi
|
||||
logg 'Ensuring the trust of the provided public GPG key is set to maximum'
|
||||
echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
|
||||
else
|
||||
logg warn '`gpg` is unavailable in the PATH'
|
||||
logg warn '`gpg` appears to be unavailable. Is it installed and on the PATH?'
|
||||
fi
|
||||
|
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
if command -v brew > /dev/null; then
|
||||
logg 'Installing base dependencies for macOS using `brew bundle`'
|
||||
logg info 'Dependencies: age asdf jq node go-task/tap/go-task volta yq m-cli zx'
|
||||
logg info 'Dependencies: asdf jq node go-task/tap/go-task volta yq m-cli zx'
|
||||
logg info 'GNU compatibility dependencies: coreutils findutils gawk gnu-getopt gnu-indent gnu-tar gnu-sed gnutls grep'
|
||||
|
||||
brew bundle --verbose --no-lock --file=/dev/stdin <<EOF
|
||||
{{ includeTemplate "darwin/Brewfile" . }}
|
||||
{{ includeTemplate "darwin/Brewfile" . -}}
|
||||
EOF
|
||||
else
|
||||
logg error '`brew` was not found in the PATH'
|
||||
|
|
0
dotfiles/.local/share/chezmoi/home/chezmoi.txt.age
Normal file
0
dotfiles/.local/share/chezmoi/home/chezmoi.txt.age
Normal file
Loading…
Reference in a new issue