From 3aa6e506aa1c49e3d2dd2b0b8fd62bbd508a1dc8 Mon Sep 17 00:00:00 2001
From: Andrei Jiroh Eugenio Halili
Date: Sat, 11 Jun 2022 15:36:58 +0000
Subject: [PATCH] Add pass to customize-env script for Cloud Shell + more updates to bootstrap script
Signed-off-by: Andrei Jiroh Eugenio Halili
---
 .config/devshell.env | 2 +-
 bootstrap | 26 ++++++++++++++++++++------
 2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/.config/devshell.env b/.config/devshell.env
index a64a8ba..d539d47 100644
--- a/.config/devshell.env
+++ b/.config/devshell.env
@@ -16,7 +16,7 @@ sleep 2; echo
 # Install HashiCorp Vault, as usual. Don't forget to update GitHub CLI and Terraform
 echo "===> Installing GitHub CLI, bat, Terraform and vault CLI"
-apt-get install vault gh terraform bat -y
+apt-get install vault gh terraform bat keychain -y
 sleep 2; echo
 # Install Git and Git LFS from Buster backports
diff --git a/bootstrap b/bootstrap
index 7068f75..ec5f393 100755
--- a/bootstrap
+++ b/bootstrap
@@ -92,15 +92,15 @@ checkOs() {
 setupSysPkgs() {
 echoStageName "Installating essiential dependencies"
 if [[ $DOTFILES_OS_NAME == "android-termux" ]] && [[ $SKIP_DEPENDENCY_INSTALL == "" ]]; then
- pkg install -y man git nano gnupg openssh proot resolv-conf asciinema openssl-tool pass
+ pkg install -y man git nano gnupg openssh proot resolv-conf asciinema openssl-tool pass keychain
 setupGhCli
 setupGLabCli
 elif [[ $DOTFILES_OS_NAME == "debian" ]] && [[ $SKIP_DEPENDENCY_INSTALL == "" ]]; then
- sudo apt install gnupg git nano pass openssh-client -y
+ sudo apt install gnupg git nano pass openssh-client keychain -y
 setupGhCli
 setupGLabCli
 elif [[ $DOTFILES_OS_NAME == "ubuntu" ]] && [[ $SKIP_DEPENDENCY_INSTALL == "" ]]; then
- sudo apt install gnupg nano pass openssh-client -y
+ sudo apt install gnupg nano pass openssh-client keychain -y
 setupGhCli
 setupGLabCli
 else
@@ -115,7 +115,7 @@ setupAsdf() {
 setupNode() {
 if [[ $USE_NVM == "1" ]]; then
- echoStagName "Installing Node.js Version Manager"
+ echoStageName "Installing Node.js Version Manager"
 $(command -v curl >>/dev/null && echo "curl -o-" || echo "wget -qO-") https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | NODE_VERSION=${NODE_VERSION:"lts/*"} NVM_DIR="$HOME/.nvm" PROFILE=/dev/null bash
 fi
 }
@@ -459,11 +459,24 @@ importGpgKeys() {
 wget $PERSONAL_KEY_URL -O /tmp/keys-import-tmp/personal
 wget $PASSWORD_STORE_KEY_URL -O /tmp/keys-import-tmp/password-store
 wget $OSS_RELEASES_PERSONAL_KEY_URL -O /tmp/keys-import-tmp/releases-key
+
+ # This is an unsafe operation, but even through they have the keys, they still need to
+ # steal the passwords, but I may rotate the keys very soon.
 gpg --batch --no-tty --yes --import /tmp/keys-import-tmp/personal
 gpg --batch --no-tty --yes --import /tmp/keys-import-tmp/password-store
 gpg --batch --no-tty --yes --import /tmp/keys-import-tmp/releases-key
 }
+initPasswordStore() {
+ if [[ ! -d "$PASSWORD_STORE_DIR" ]]; then
+ echoStageName "Cloning passwdstore Git repo"
+ git clone https://gitlab.com/ajhalili2006/passwdstore-personal "$PASSWORD_STORE_DIR"
+ elif [[ ! -d "$PASSWORD_STORE_DIR" ]]; then
+ echoStageName "Updating local passwdstore Git repo"
+ git -C "$PASSWORD_STORE_DIR" pull origin main
+ fi
+}
+
 importSshKeys() {
 if [[ -d "$DOTFILES_PATH/secrets" ]]; then
 true
@@ -498,7 +511,7 @@ main() {
 checkOs
 # step 2: install needed tools and create ~/.local/bin
- setupSysPkg
+ setupSysPkgs
 userspcaeBinDirCheck
 # step 3.1: then clone the repo
@@ -522,7 +535,8 @@ main() {
 setupSshConfig
 # step 5.2: copy our secrets btw
- cloneSecretsRepo # Run this before we even copy the ssh keys!
+ cloneSecretsRepo # Run this before we even copy the ssh keys! Also this is definitely deprecated.
+ initPasswordStore # Setup passwordstore stuff
 importGpgKeys
 importSshKeys
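Review bot: In `setupNode`, the installer line directly below the corrected `echoStageName` call passes `NODE_VERSION=${NODE_VERSION:"lts/*"}`, which bash parses as a substring expansion with `"lts/*"` as the offset rather than as a fallback, so the intended default is never applied; `NODE_VERSION=${NODE_VERSION:-lts/*}` is the default-value form. The same line pipes `install.sh` fetched by tag `v0.38.0` straight into `bash`, and a tag gives no integrity guarantee, so downloading to a file and comparing it against a recorded checksum before running it would close that gap. The curl branch also lacks `-f`, which means an HTTP error body would be handed to `bash` as if it were the script.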
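Review bot: In the added `initPasswordStore`, the `elif` repeats the `if` test `[[ ! -d "$PASSWORD_STORE_DIR" ]]`, so the pull branch can never run and an existing store is never updated; the second branch should be a plain `else`. `PASSWORD_STORE_DIR` is also used without a default, so when it is unset the clone receives an empty target; `: "${PASSWORD_STORE_DIR:=$HOME/.password-store}"` at the top of the function would match the directory `pass` falls back to. The new comment in `importGpgKeys` accepts the risk, but the key files are still staged under the fixed path `/tmp/keys-import-tmp` and nothing between the three `gpg --import` calls and the closing brace removes them; a directory from `mktemp -d` created under `umask 077` and deleted after the imports would keep the key material out of a shared, predictable location, and quoting the three `*_KEY_URL` expansions would stop word splitting on the `wget` lines. `importGpgKeys` begins outside the hunk, so how the staging directory is created is not visible here.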