diff --git a/home/Cloud/symlink_Private.tmpl b/home/Cloud/symlink_Private.tmpl
index a99430d4..8455debf 100644
--- a/home/Cloud/symlink_Private.tmpl
+++ b/home/Cloud/symlink_Private.tmpl
@@ -1,3 +1,3 @@
-{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET)) (ne .user.cloudflare.r2 "") -}}
+{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
 /mnt/s3-private
 {{- end -}}
\ No newline at end of file
diff --git a/home/Cloud/symlink_Public.tmpl b/home/Cloud/symlink_Public.tmpl
index 28c147d7..e1243cd5 100644
--- a/home/Cloud/symlink_Public.tmpl
+++ b/home/Cloud/symlink_Public.tmpl
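Review bot: The guard expression this hunk corrects is one long literal copied verbatim into six files (this one, symlink_Public, symlink_User, merge_private_rclone.conf, private_docker-rclone.conf and private_system-rclone.conf), which is how the missing quote after CLOUDFLARE_R2_SECRET ended up in every one of them and why the fix needs six identical hunks. Consider moving the condition into a single partial under `.chezmoitemplates` and pulling it in with `includeTemplate` (already used on this page for the secret files), so the next change to the R2 credential logic is made once. Whether it stays inline or moves, a short `{{- /* R2 symlink only when the age key plus the encrypted R2 id/secret, or the CLOUDFLARE_R2_* env vars, and a non-empty .user.cloudflare.r2 are present */ -}}` comment above it would make the nested and/or readable.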
@@ -1,3 +1,3 @@
-{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET)) (ne .user.cloudflare.r2 "") -}}
+{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
 /mnt/s3-public
 {{- end -}}
\ No newline at end of file
diff --git a/home/Cloud/symlink_User.tmpl b/home/Cloud/symlink_User.tmpl
index a3aca19b..84ddec22 100644
--- a/home/Cloud/symlink_User.tmpl
+++ b/home/Cloud/symlink_User.tmpl
@@ -1,3 +1,3 @@
-{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET)) (ne .user.cloudflare.r2 "") -}}
+{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
 {{ .host.home }}/.local/mnt/s3
 {{- end -}}
\ No newline at end of file
diff --git a/home/dot_config/rclone/merge_private_rclone.conf.tmpl b/home/dot_config/rclone/merge_private_rclone.conf.tmpl index ceab99ec..b2bcf995 100644 --- a/home/dot_config/rclone/merge_private_rclone.conf.tmpl +++ b/home/dot_config/rclone/merge_private_rclone.conf.tmpl @@ -1,4 +1,4 @@ -{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET)) (ne .user.cloudflare.r2 "") -}} +{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}} #!/usr/bin/env bash CONFIG_FILE="$HOME/.config/rclone/rclone.conf" diff --git a/home/dot_config/rclone/private_docker-rclone.conf.tmpl b/home/dot_config/rclone/private_docker-rclone.conf.tmpl index e27cc69c..20ca654d 100644 --- a/home/dot_config/rclone/private_docker-rclone.conf.tmpl +++ b/home/dot_config/rclone/private_docker-rclone.conf.tmpl 
@@ -1,4 +1,4 @@
-{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET)) (ne .user.cloudflare.r2 "") -}}
+{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
 [docker]
 access_key_id = {{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_R2_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_R2_ID" }}{{ end }}
 acl = private
diff --git a/home/dot_config/rclone/private_system-rclone.conf.tmpl b/home/dot_config/rclone/private_system-rclone.conf.tmpl
index 1c50a632..89318907 100644
--- a/home/dot_config/rclone/private_system-rclone.conf.tmpl
+++ b/home/dot_config/rclone/private_system-rclone.conf.tmpl
@@ -1,4 +1,4 @@
-{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET)) (ne .user.cloudflare.r2 "") -}}
+{{- if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_ID"))) (env "CLOUDFLARE_R2_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_R2_SECRET"))) (env "CLOUDFLARE_R2_SECRET")) (ne .user.cloudflare.r2 "") -}}
 [private]
 type = s3
 provider = Cloudflare
diff --git a/home/private_dot_ssh/authorized_keys.github.tmpl b/home/private_dot_ssh/private_authorized_keys.github.tmpl
similarity index 100%
rename from home/private_dot_ssh/authorized_keys.github.tmpl
rename to home/private_dot_ssh/private_authorized_keys.github.tmpl
diff --git a/home/private_dot_ssh/authorized_keys.vagrant b/home/private_dot_ssh/private_authorized_keys.vagrant
similarity index 100%
rename from home/private_dot_ssh/authorized_keys.vagrant
rename to home/private_dot_ssh/private_authorized_keys.vagrant
diff --git a/home/private_dot_ssh/run_onchanges_after_decrypt-ssh-keys.tmpl b/home/private_dot_ssh/run_onchanges_after_decrypt-ssh-keys.tmpl
index e30e74ea..72dd0edc 100644
--- a/home/private_dot_ssh/run_onchanges_after_decrypt-ssh-keys.tmpl
+++ b/home/private_dot_ssh/run_onchanges_after_decrypt-ssh-keys.tmpl
@@ -6,10 +6,19 @@ logg info 'Decrypting SSH keys stored in the `home/.chezmoitemplates/ssh` folder of the Install Doctor repo / fork.' find "{{ .chezmoi.sourceDir }}/home/.chezmoitemplates/ssh" -type f | while read SSH_FILE; do + ### Decrypt SSH file with Chezmoi logg info 'Decrypting the $(basename "$SSH_FILE") encrypted SSH file' chezmoi decrypt "$SSH_FILE" > "$HOME/.ssh/$(basename "$SSH_FILE")" || EXIT_CODE=$? + + ### Handle failed decryption with warning log message if [ -n "$EXIT_CODE" ]; then logg warn "Unable to decrypt the file stored in $SSH_FILE" fi + + ### Apply appropriate permission to decrypted ~/.ssh file + if [ -f "$HOME/.ssh/$(basename "$SSH_FILE")" ]; then + logg info "Applying appropriate permissions on $HOME/.ssh/$(basename "$SSH_FILE")" + chmod 600 "$HOME/.ssh/$(basename "$SSH_FILE")" + fi fi {{ end -}} diff --git a/home/private_dot_ssh/run_onchanges_after_ensure-private-key.tmpl b/home/private_dot_ssh/run_onchanges_after_ensure-private-key.tmpl index b561306e..f0bd84aa 100644 --- a/home/private_dot_ssh/run_onchanges_after_ensure-private-key.tmpl +++ b/home/private_dot_ssh/run_onchanges_after_ensure-private-key.tmpl @@ -7,4 +7,5 @@ if [ ! -f "$HOME/.ssh/id_rsa" ]; then logg 'Generating missing default private key / public key (`~/.ssh/id_rsa`)' ssh-keygen -b 4096 -t rsa -f "$HOME/.ssh/id_rsa" -q -N "" + chmod 600 "$HOME/.ssh/id_rsa" fi diff --git a/home/private_dot_ssh/run_onchanges_after_generate-public-keys.tmpl b/home/private_dot_ssh/run_onchanges_after_generate-public-keys.tmpl index 9b81b3cd..196fdc52 100644 --- a/home/private_dot_ssh/run_onchanges_after_generate-public-keys.tmpl +++ b/home/private_dot_ssh/run_onchanges_after_generate-public-keys.tmpl @@ -16,5 +16,6 @@ find "$HOME/.ssh" -type f | while read FILE; do if [ ! -f "${FILE}.pub" ]; then logg info 'Generating missing public key for `'"$FILE"'`' ssh-keygen -f "$FILE" -y > "${FILE}.pub" + chmod 600 "${FILE}.pub" fi done
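Review bot: The new `chmod 600` runs only after `chezmoi decrypt "$SSH_FILE" > "$HOME/.ssh/..."` has already created the target under the caller's default umask, so a decrypted private key is briefly readable by other users, and because the redirect creates the file even when decryption fails, the added `-f` branch then logs "Applying appropriate permissions" on an empty leftover instead of removing it. Creating the file under `umask 077` in a subshell closes the window and makes the chmod a harmless belt-and-braces step; the failure branch should also delete the partial output. EXIT_CODE is never cleared between iterations, so once one file fails every later file is reported as failed too — pre-existing, but the new block now acts on that stale state, so reset it at the top of the loop. The `while` loop's `done` and the enclosing `if` lie outside this hunk; the rewritten loop body is below.
```shell
find "{{ .chezmoi.sourceDir }}/home/.chezmoitemplates/ssh" -type f | while read SSH_FILE; do
  ### Decrypt SSH file with Chezmoi; umask 077 creates the target 0600 so the key is never world-readable
  TARGET_FILE="$HOME/.ssh/$(basename "$SSH_FILE")"
  EXIT_CODE=""
  (umask 077; chezmoi decrypt "$SSH_FILE" > "$TARGET_FILE") || EXIT_CODE=$?

  ### Handle failed decryption with warning log message and drop the partial output
  if [ -n "$EXIT_CODE" ]; then
    logg warn "Unable to decrypt the file stored in $SSH_FILE"
    rm -f "$TARGET_FILE"
  fi
  # … unchanged: permission log / chmod branch (now only reached for successfully decrypted files) …
```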
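Review bot: The added `chmod 600 "$HOME/.ssh/id_rsa"` in run_onchanges_after_ensure-private-key is effectively a no-op, because OpenSSH's ssh-keygen writes the private key file with mode 0600 itself regardless of umask. It is harmless, but without a comment the next reader will look for the case it covers; a one-liner such as `# belt and braces: ssh-keygen already creates the private key 0600` states the intent. The `if [ ! -f ... ]` that this `fi` closes opens at or before the hunk's first line.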
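Review bot: The added `chmod 600 "${FILE}.pub"` in run_onchanges_after_generate-public-keys runs whether or not `ssh-keygen -f "$FILE" -y` succeeded, and the loop over `find "$HOME/.ssh" -type f` also visits files that are not private keys (config, known_hosts, authorized_keys and the existing .pub files themselves), for which the redirect likely leaves an empty `${FILE}.pub` that then gets chmod'ed rather than removed. Tie the chmod to the exit status and clean up otherwise: `if ssh-keygen -f "$FILE" -y > "${FILE}.pub"; then chmod 600 "${FILE}.pub"; else rm -f "${FILE}.pub"; fi`. Note that 0600 is stricter than the conventional 0644 for a public key (what ssh-keygen writes for .pub), which is fine for the local client but worth a comment if deliberate. Both this loop and the one in the decrypt script read find output with bare `read`; `IFS= read -r` avoids mangling paths with backslashes or surrounding whitespace.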