diff --git a/dotfiles/.config/age/expect b/dotfiles/.config/age/expect
new file mode 100644
index 00000000..5ea2b90c
--- /dev/null
+++ b/dotfiles/.config/age/expect
@@ -0,0 +1,11 @@
+#!/usr/bin/expect
+# TODO: https://github.com/hyperupcall/dots/tree/8e62ad19f4fa870bd70b1816d383bc32e9b6d149/dotmgr
+# https://www.chezmoi.io/user-guide/frequently-asked-questions/encryption/#how-do-i-configure-chezmoi-to-encrypt-files-but-only-request-a-passphrase-the-first-time-chezmoi-init-is-run
+# Figure out way of not writing AGE_PASSPHRASE to disk - keep in mem
+
+spawn ./test.bash
+expect "Enter passphrase*"
+send -- "{{ .Env.AGE_PASSPHRASE }}\r"
+expect "Confirm passphrase*"
+send -- "{{ .Env.AGE_PASSPHRASE }}\r"
+expect eof
diff --git a/dotfiles/.config/age/run_once_before_decrypt-private-key.sh.tmpl b/dotfiles/.config/age/run_once_before_decrypt-private-key.sh.tmpl
new file mode 100644
index 00000000..45207ab2
--- /dev/null
+++ b/dotfiles/.config/age/run_once_before_decrypt-private-key.sh.tmpl
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ ! -f "$HOME/.config/age/headless.txt" ]; then
+ logg 'Generating age public key under `~/.config/age/key.txt`'
+ age-keygen > "$HOME/.config/age/headless.txt"
+fi
+
+if [ ! -f "$HOME/.config/age/key.txt" ]; then
+ age --decrypt --output "$HOME/.config/age/key.txt" "{{ .chezmoi.sourceDir }}/key.txt.age"
+ chmod 600 "${HOME}/key.txt"
+fi
diff --git a/dotfiles/.local/share/chezmoi/.chezmoiignore b/dotfiles/.local/share/chezmoi/.chezmoiignore
new file mode 100644
index 00000000..b0229733
--- /dev/null
+++ b/dotfiles/.local/share/chezmoi/.chezmoiignore
@@ -0,0 +1 @@
+key.txt.age
diff --git a/dotfiles/.local/share/chezmoi/home/.chezmoiignore b/dotfiles/.local/share/chezmoi/home/.chezmoiignore
index 4055bacc..5889ec10 100644
--- a/dotfiles/.local/share/chezmoi/home/.chezmoiignore
+++ b/dotfiles/.local/share/chezmoi/home/.chezmoiignore
@@ -1,3 +1,4 @@
+key.txt.age
 .chezmoiscripts/**/*
 !.chezmoiscripts/{{ .host.distro.id }}/**/*
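Review bot: In `dotfiles/.config/age/expect`, both `send` lines get the passphrase by template substitution, so once the file is rendered the secret sits in plaintext in the script on disk, which is the problem the TODO comment names but leaves open. Expect can read the variable from its own environment at run time instead: `send -- "$env(AGE_PASSPHRASE)\r"` on both lines, with no template expression left in the file. Separately, each bare `expect "…passphrase*"` falls through when its timeout expires, so the passphrase is sent even if the prompt never appeared; a `timeout { exit 1 }` branch on both prompts would stop that. `spawn ./test.bash` is a relative path, so the script only works from one working directory, and it looks like a placeholder.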
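Review bot: In `run_once_before_decrypt-private-key.sh.tmpl`, the `chmod 600 "${HOME}/key.txt"` in the second `if` targets a different file from the one `age --decrypt --output` just wrote, so the decrypted private key under `~/.config/age/` keeps whatever mode the umask gives it, and the chmod fails on a path that likely does not exist. Point it at the same file, `chmod 600 "$HOME/.config/age/key.txt"`, and preferably put `umask 077` near the top of the script so neither key is ever created readable by other users. The same applies to `headless.txt` in the first `if`, which receives a secret key through a shell redirect; `age-keygen -o "$HOME/.config/age/headless.txt"` avoids the redirect. The `logg` message says a public key is generated under `key.txt`, while the command writes an age identity to `headless.txt`. `logg` itself is not defined in the hunk, so it presumably comes from elsewhere.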