feat: adds secrets

Signed-off-by: Menno van Leeuwen <menno@vleeuwen.me>

bin/actions/git/pre-commit

@@ -0,0 +1,18 @@
+#!/usr/bin/env zsh
+
+source ~/dotfiles/bin/helpers/functions.sh
+
+# Check for unencrypted files in .ssh/config.d/
+unencrypted_files=$(find config/ssh/config.d/ -type f ! -name "*.gpg")
+
+if [ -n "$unencrypted_files" ]; then
+    printfe "%s\n" "red" "Unencrypted files found in .ssh/config.d/:"
+    for file in $(find config/ssh/config.d/ -type f ! -name "*.gpg"); do
+        printfe "%s\n" "yellow" "  - $file"
+    done
+
+    echo ""
+    printfe "%s\n" "blue" "Use 'dotf secrets encrypt' to encrypt them."
+    exit 1
+fi
+

bin/actions/secrets.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env zsh
+
+source ~/dotfiles/bin/helpers/functions.sh
+
+####################################################################################################
+# Decrypt secrets
+####################################################################################################
+printfe "%s\n" "cyan" "Fetching password from 1Password..."
+echo -en '\r'
+
+output=$(op item get "SSH Config Secrets" --fields password)
+command=$(echo "$output" | grep -oP "(?<=use ').*(?=')")
+password=$(eval $command | grep -oP "(?<=  password:    ).*" | tr -d '\n')
+
+# Check what we are supposed to do (Either decrypt or encrypt)
+if [[ "$2" == "decrypt" ]]; then
+    printfe "%s\n" "cyan" "Decrypting .ssh/config.d/ files..."
+    echo -en '\r'
+
+    for file in ~/.ssh/config.d/*.gpg; do
+        filename=$(basename $file .gpg)
+        gpg --quiet --batch --yes --decrypt --passphrase="$password" --output ~/.ssh/config.d/$filename $file
+        rm $file
+    done
+elif [[ "$2" == "encrypt" ]]; then
+    printfe "%s\n" "cyan" "Encrypting .ssh/config.d/ files..."
+    echo -en '\r'
+
+    for file in ~/.ssh/config.d/*; do
+        # Skip already encrypted files
+        if [[ $file == *.gpg ]]; then
+            continue
+        fi
+
+        gpg --quiet --batch --yes --symmetric --cipher-algo AES256 --armor --passphrase="$password" --output $file.gpg $file
+        rm $file
+    done
+else
+    printfe "%s\n" "red" "Invalid argument. Use 'decrypt' or 'encrypt'"
+    exit 1
+fi

bin/actions/update.sh

@@ -25,7 +25,8 @@ else
   check_or_make_symlink ~/.gitconfig ~/dotfiles/config/gitconfig.linux
 fi
 
-check_or_make_symlink ~/.ssh/config ~/dotfiles/ssh/config
+check_or_make_symlink ~/.ssh/config ~/dotfiles/config/ssh/config
+check_or_make_symlink ~/.ssh/config.d ~/dotfiles/config/ssh/config.d
 check_or_make_symlink ~/.wezterm.lua ~/dotfiles/config/wezterm.lua
 
 

bin/dotf

@@ -18,6 +18,31 @@ exports() {
     ~/dotfiles/bin/actions/export.sh $@
 }
 
+secrets() {
+    ~/dotfiles/bin/actions/secrets.sh $@
+}
+
+ensure_git_hooks() {
+    # If .git/hooks is a symlink, skip this
+    if [[ -L .git/hooks ]]; then
+        # Let's make sure the symlink is correct
+        if [[ $(readlink .git/hooks) != ~/dotfiles/bin/actions/git ]]; then
+            printfe "%s\n" "yellow" "The .git/hooks symlink is incorrect. Please remove it and run this script again."
+        fi
+        return
+    fi
+
+    if [[ -d .git/hooks ]]; then
+        rm -rf ~/dotfiles/.git/hooks
+        printfe "%s\n" "yellow" "The ~/dotfiles/.git/hooks directory already exists. We're removing it!"
+    fi
+
+    ln -s ~/dotfiles/bin/actions/git ~/dotfiles/.git/hooks
+    printfe "%s\n" "green" "Git hooks are now set up!"
+}
+
+ensure_git_hooks
+
 # switch case for parameters
 case $1 in
     "update")
@@ -35,6 +60,9 @@ case $1 in
     "help"|"--help"|"")
         help $@
         ;;
+    "secrets")
+        secrets $@
+        ;;
     term)
         ~/dotfiles/bin/actions/term.sh $@
         ;;

bin/resources/help.txt

@@ -5,5 +5,6 @@ Usage: dotf [options] [optional parameters]
     update:         Pull latest changes, and update symlinks and configurations.
     export:         Export dconf, gsettings, and other configurations.
     status:         Show the status of the dotfiles repository.
+    secrets:        Encrypt and decrypt secrets.
     help:           Shows this help message