chore: adds secrets

2024-08-28 19:16:29 +02:00
parent 6f883edca3
commit 150e80c706
23 changed files with 389434 additions and 66 deletions


@@ -1,22 +1,9 @@
#!/bin/sh
# Check for unencrypted files in .ssh/config.d/
unencrypted_files=$(find config/ssh/config.d/ -type f ! -name "*.gpg")
if [ -n "$unencrypted_files" ]; then
staged_files=$(git diff --cached --name-only)
unencrypted_staged_files=""
for file in $unencrypted_files; do
if [[ $staged_files == *"$file"* ]]; then
unencrypted_staged_files="$unencrypted_staged_files $file"
fi
done
# If any unencrypted files are staged, exit with a non-zero status
if [ -n "$unencrypted_staged_files" ]; then
echo ""
echo "Error: Unencrypted files are staged for commit!"
echo "Use 'dotf secrets encrypt' to encrypt them before committing."
exit 1
fi
# Check if there are files under secrets/ directory that don't end with .gpg that are staged
if git diff --cached --name-only | grep -q 'secrets/'; then
if git diff --cached --name-only | grep -v '\.gpg$' | grep -q 'secrets/'; then
echo "ERROR: You have unencrypted files under secrets/ directory. Please encrypt them before committing."
exit 1
fi
fi
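Review bot: The secrets/ check that the hunk header suggests is the new side (the `grep -q 'secrets/'` pipeline) matches `secrets/` anywhere in a path, so an unrelated `docs/secrets/notes.md` or `mysecrets/x` blocks the commit, and because `git diff --cached --name-only` also lists staged deletions, removing an old plaintext file from secrets/ is refused as well. Anchoring the pattern and restricting to added/modified paths fixes both: `if git diff --cached --name-only --diff-filter=ACMR | grep -v '\.gpg$' | grep -q '^secrets/'; then`. The outer `if ... | grep -q 'secrets/'` that wraps it is redundant once the inner test exists, since an empty inner match already means there is nothing to reject. The file header of this section is not shown, so which lines are old and which are new is inferred from the `-1,22 +1,9` counts rather than visible markers.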


@@ -56,6 +56,30 @@ else
exit 1
fi
encrypt_folder() {
for file in $1/*; do
# Skip if current file is a .gpg file
if [[ $file == *.gpg ]]; then
continue
fi
# If file is actually a folder, call this function recursively
if [[ -d $file ]]; then
printfe "%s\n" "cyan" "Encrypting folder $file..."
encrypt_folder $file
continue
fi
# If the file has a accompanying .gpg file, remove it
if [[ -f $file.gpg ]]; then
rm $file.gpg
fi
printfe "%s\n" "cyan" "Encrypting $file..."
gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
done
}
# Do the same for files under $HOME/dotfiles/secrets/ (These can be any file type, not just .conf so keep the extension)
if [[ "$2" == "decrypt" ]]; then
@@ -71,17 +95,5 @@ elif [[ "$2" == "encrypt" ]]; then
printfe "%s\n" "cyan" "Encrypting secrets..."
echo -en '\r'
for file in $HOME/dotfiles/secrets/*; do
# Skip if current file is a .gpg file
if [[ $file == *.gpg ]]; then
continue
fi
# If the file has a accompanying .gpg file, remove it
if [[ -f $file.gpg ]]; then
rm $file.gpg
fi
gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
done
encrypt_folder $HOME/dotfiles/secrets
fi
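Review bot: `encrypt_folder` in the first hunk passes the passphrase on the gpg command line (`--passphrase="$password"`), where any local user can read it from the process list for the duration of each gpg run, and every expansion in the function (`$1/*`, `encrypt_folder $file`, `rm $file.gpg`, `--output $file.gpg $file`) is unquoted, so a secret whose path contains a space or glob character is split into several bogus arguments. Two further gaps follow from the bare `$1/*` glob: hidden files such as a `.env` in secrets/ are never visited and so stay plaintext (which the pre-commit hook in the other file would then reject), and an empty subfolder yields the literal string `dir/*`, which gpg tries to encrypt as a file. The `rm $file.gpg` before gpg is also redundant with `--yes` and discards the previous ciphertext even when gpg then fails. I would feed the passphrase on stdin, quote everything, enable `dotglob`/`nullglob` in a subshell so the options do not leak, and drop the pre-emptive rm; where `$password` is set is outside the hunk, so I assume it is a plain shell variable.
```shell
encrypt_folder() {
  local dir=$1 file
  # Subshell keeps the glob options local; dotglob covers hidden secrets,
  # nullglob stops an empty folder from expanding to the literal "$dir/*".
  (
    shopt -s nullglob dotglob
    for file in "$dir"/*; do
      [[ $file == *.gpg ]] && continue
      if [[ -d $file ]]; then
        printfe "%s\n" "cyan" "Encrypting folder $file..."
        encrypt_folder "$file" || exit 1
        continue
      fi
      printfe "%s\n" "cyan" "Encrypting $file..."
      # --yes already replaces an existing $file.gpg; passphrase on stdin
      # keeps it out of `ps` output.
      printf '%s' "$password" | gpg --quiet --batch --yes --symmetric --cipher-algo AES256 \
        --armor --passphrase-fd 0 --output "$file.gpg" "$file" || exit 1
    done
  )
}
```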