chore: adds secrets

2024-08-28 19:16:29 +02:00
parent 6f883edca3
commit 150e80c706
23 changed files with 389434 additions and 66 deletions
--- a/bin/actions/git/pre-commit
+++ b/bin/actions/git/pre-commit
@@ -1,22 +1,9 @@
 #!/bin/sh

-# Check for unencrypted files in .ssh/config.d/
-unencrypted_files=$(find config/ssh/config.d/ -type f ! -name "*.gpg")
-
-if [ -n "$unencrypted_files" ]; then
-    staged_files=$(git diff --cached --name-only)
-    unencrypted_staged_files=""
-    for file in $unencrypted_files; do
-        if [[ $staged_files == *"$file"* ]]; then
-            unencrypted_staged_files="$unencrypted_staged_files $file"
-        fi
-    done
-
-    # If any unencrypted files are staged, exit with a non-zero status
-    if [ -n "$unencrypted_staged_files" ]; then
-        echo ""
-        echo "Error: Unencrypted files are staged for commit!"
-        echo "Use 'dotf secrets encrypt' to encrypt them before committing."
-        exit 1
-    fi
+# Check if there are files under secrets/ directory that don't end with .gpg that are staged
+if git diff --cached --name-only | grep -q 'secrets/'; then
+  if git diff --cached --name-only | grep -v '\.gpg$' | grep -q 'secrets/'; then
+    echo "ERROR: You have unencrypted files under secrets/ directory. Please encrypt them before committing."
+    exit 1
+  fi
 fi
--- a/bin/actions/secrets.sh
+++ b/bin/actions/secrets.sh
@@ -56,6 +56,30 @@ else
    exit 1
 fi

+encrypt_folder() {
+    for file in $1/*; do
+        # Skip if current file is a .gpg file
+        if [[ $file == *.gpg ]]; then
+            continue
+        fi
+
+        # If file is actually a folder, call this function recursively
+        if [[ -d $file ]]; then
+            printfe "%s\n" "cyan" "Encrypting folder $file..."
+            encrypt_folder $file
+            continue
+        fi
+
+        # If the file has a accompanying .gpg file, remove it
+        if [[ -f $file.gpg ]]; then
+            rm $file.gpg
+        fi
+
+        printfe "%s\n" "cyan" "Encrypting $file..."
+        gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
+    done
+}
+

 # Do the same for files under $HOME/dotfiles/secrets/ (These can be any file type, not just .conf so keep the extension)
 if [[ "$2" == "decrypt" ]]; then
@@ -71,17 +95,5 @@ elif [[ "$2" == "encrypt" ]]; then
    printfe "%s\n" "cyan" "Encrypting secrets..."
    echo -en '\r'

-    for file in $HOME/dotfiles/secrets/*; do
-        # Skip if current file is a .gpg file
-        if [[ $file == *.gpg ]]; then
-            continue
-        fi
-
-        # If the file has a accompanying .gpg file, remove it
-        if [[ -f $file.gpg ]]; then
-            rm $file.gpg
-        fi
-
-        gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
-    done
+    encrypt_folder $HOME/dotfiles/secrets
 fi