feat: adds secrets
Signed-off-by: Menno van Leeuwen <menno@vleeuwen.me>
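--- a/bin/actions/git/pre-commit
+++ b/bin/actions/git/pre-commit
@@ -0,0 +1,18 @@
+#!/usr/bin/env zsh
+
+source ~/dotfiles/bin/helpers/functions.sh
+
+# Check for unencrypted files in .ssh/config.d/
+unencrypted_files=$(find config/ssh/config.d/ -type f ! -name "*.gpg")
+
+if [ -n "$unencrypted_files" ]; then
+printfe "%s\n" "red" "Unencrypted files found in .ssh/config.d/:"
+for file in $(find config/ssh/config.d/ -type f ! -name "*.gpg"); do
+printfe "%s\n" "yellow" " - $file"
+done
+
+echo ""
+printfe "%s\n" "blue" "Use 'dotf secrets encrypt' to encrypt them."
+exit 1
+fi
+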
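Review bot: The check `unencrypted_files=$(find config/ssh/config.d/ -type f ! -name "*.gpg")` inspects the working tree rather than what is staged. A plaintext file that was `git add`ed and then encrypted (which deletes the plaintext from disk) passes the hook while its plaintext blob is still in the index and gets committed. Listing the staged paths closes that gap: `unencrypted_files=$(git diff --cached --name-only --diff-filter=ACMR -- config/ssh/config.d/ | grep -v '\.gpg$')`. The header comment should also say that the hook aborts the commit with `exit 1` and that it only looks at file names, not at whether a `.gpg` file is really ciphertext.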
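--- a/bin/actions/secrets.sh
+++ b/bin/actions/secrets.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env zsh
+
+source ~/dotfiles/bin/helpers/functions.sh
+
+####################################################################################################
+# Decrypt secrets
+####################################################################################################
+printfe "%s\n" "cyan" "Fetching password from 1Password..."
+echo -en '\r'
+
+output=$(op item get "SSH Config Secrets" --fields password)
+command=$(echo "$output" | grep -oP "(?<=use ').*(?=')")
+password=$(eval $command | grep -oP "(?<= password: ).*" | tr -d '\n')
+
+# Check what we are supposed to do (Either decrypt or encrypt)
+if [[ "$2" == "decrypt" ]]; then
+printfe "%s\n" "cyan" "Decrypting .ssh/config.d/ files..."
+echo -en '\r'
+
+for file in ~/.ssh/config.d/*.gpg; do
+filename=$(basename $file .gpg)
+gpg --quiet --batch --yes --decrypt --passphrase="$password" --output ~/.ssh/config.d/$filename $file
+rm $file
+done
+elif [[ "$2" == "encrypt" ]]; then
+printfe "%s\n" "cyan" "Encrypting .ssh/config.d/ files..."
+echo -en '\r'
+
+for file in ~/.ssh/config.d/*; do
+# Skip already encrypted files
+if [[ $file == *.gpg ]]; then
+continue
+fi
+
+gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
+rm $file
+done
+else
+printfe "%s\n" "red" "Invalid argument. Use 'decrypt' or 'encrypt'"
+exit 1
+fi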
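Review bot: `password=$(eval $command | ...)` executes whatever text `op` printed between `use '` and `'`, so the script runs a command scraped from tool output; it should request the field directly with the reveal flag and stop when the result is empty. Both loops run `rm $file` whether or not gpg succeeded, which can delete the only copy of a plaintext or ciphertext file. An empty `$password` (for example when `op` is not signed in) would presumably reach `--symmetric` as an empty passphrase. `--passphrase="$password"` also places the secret on gpg's argv, where it is readable from the local process list, so it is better passed on a file descriptor. The top banner says "Decrypt secrets" although the script handles both directions.

```shell
# Request the value itself; nothing scraped from op's output is executed.
password=$(op item get "SSH Config Secrets" --fields password --reveal) || exit 1
if [[ -z "$password" ]]; then
  printfe "%s\n" "red" "1Password returned no passphrase; aborting."
  exit 1
fi

# … unchanged: decrypt/encrypt dispatch on $2 and status messages …

for file in ~/.ssh/config.d/*.gpg; do
  filename=$(basename "$file" .gpg)
  # Passphrase arrives on fd 0, and the ciphertext is removed only after gpg succeeds.
  gpg --quiet --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
    --decrypt --output ~/.ssh/config.d/"$filename" "$file" <<<"$password" \
    && rm -- "$file"
done

# … encrypt loop: same --passphrase-fd 0 input and `&& rm -- "$file"` guard …
```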
@@ -25,7 +25,8 @@ else
|
||||
check_or_make_symlink ~/.gitconfig ~/dotfiles/config/gitconfig.linux
|
||||
fi
|
||||
|
||||
check_or_make_symlink ~/.ssh/config ~/dotfiles/ssh/config
|
||||
check_or_make_symlink ~/.ssh/config ~/dotfiles/config/ssh/config
|
||||
check_or_make_symlink ~/.ssh/config.d ~/dotfiles/config/ssh/config.d
|
||||
check_or_make_symlink ~/.wezterm.lua ~/dotfiles/config/wezterm.lua
|
||||
|
||||
|
||||
|
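Review bot: `check_or_make_symlink ~/.ssh/config.d ~/dotfiles/config/ssh/config.d` makes the live SSH config directory resolve into the repository's working tree, so every file that `dotf secrets decrypt` writes is a plaintext secret sitting among tracked paths. The only guard is the pre-commit hook, which `git commit --no-verify` skips. An ignore rule gives a second layer that also stops `git add -A` from staging them, for example `config/ssh/config.d/*` followed by `!config/ssh/config.d/*.gpg` in `.gitignore`. The file header for this hunk is not visible on the page, so the surrounding script was not reviewed.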
28
bin/dotf
28
bin/dotf
@@ -18,6 +18,31 @@ exports() {
|
||||
~/dotfiles/bin/actions/export.sh $@
|
||||
}
|
||||
|
||||
secrets() {
|
||||
~/dotfiles/bin/actions/secrets.sh $@
|
||||
}
|
||||
|
||||
ensure_git_hooks() {
|
||||
# If .git/hooks is a symlink, skip this
|
||||
if [[ -L .git/hooks ]]; then
|
||||
# Let's make sure the symlink is correct
|
||||
if [[ $(readlink .git/hooks) != ~/dotfiles/bin/actions/git ]]; then
|
||||
printfe "%s\n" "yellow" "The .git/hooks symlink is incorrect. Please remove it and run this script again."
|
||||
fi
|
||||
return
|
||||
fi
|
||||
|
||||
if [[ -d .git/hooks ]]; then
|
||||
rm -rf ~/dotfiles/.git/hooks
|
||||
printfe "%s\n" "yellow" "The ~/dotfiles/.git/hooks directory already exists. We're removing it!"
|
||||
fi
|
||||
|
||||
ln -s ~/dotfiles/bin/actions/git ~/dotfiles/.git/hooks
|
||||
printfe "%s\n" "green" "Git hooks are now set up!"
|
||||
}
|
||||
|
||||
ensure_git_hooks
|
||||
|
||||
# switch case for parameters
|
||||
case $1 in
|
||||
"update")
|
||||
@@ -35,6 +60,9 @@ case $1 in
|
||||
"help"|"--help"|"")
|
||||
help $@
|
||||
;;
|
||||
"secrets")
|
||||
secrets $@
|
||||
;;
|
||||
term)
|
||||
~/dotfiles/bin/actions/term.sh $@
|
||||
;;
|
||||
|
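Review bot: `ensure_git_hooks` tests `.git/hooks` relative to the current directory but removes and links `~/dotfiles/.git/hooks`, and it runs on every `dotf` invocation. When `dotf` is run from any other directory, neither test matches and `ln -s` runs again against the existing link, and if the directory is another repository, `rm -rf ~/dotfiles/.git/hooks` fires because of that repository's hooks folder. Using one absolute path for all three checks fixes this: `local hooks=~/dotfiles/.git/hooks`, then `[[ -L $hooks ]]`, `[[ $(readlink $hooks) != ~/dotfiles/bin/actions/git ]]` and `[[ -d $hooks ]]`. A comment on the function should also note that pointing the hooks directory at a tracked folder means any hook file arriving through `git pull` will be executed by later git commands.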
@@ -5,5 +5,6 @@ Usage: dotf [options] [optional parameters]
|
||||
update: Pull latest changes, and update symlinks and configurations.
|
||||
export: Export dconf, gsettings, and other configurations.
|
||||
status: Show the status of the dotfiles repository.
|
||||
secrets: Encrypt and decrypt secrets.
|
||||
help: Shows this help message
|
||||
|