#!/bin/bash # shellcheck shell=bash { # curybrackets is included to ensure everything is downloaded #set -e # if undefined, use $HOME/.local if [[ $PREFIX == "" ]]; then export PREFIX="$HOME/.local" if [[ ! -d "$PREFIX/bin" ]]; then mkdir "$PREFIX/bin" -p fi fi # Check if we're on Gitpod OR GitHub Codespaces before running the main script # Note that I can't cover literally everything on automated tests and manual # runs. You don't want to abuse CI services for the sake of validating every # single edge case in the script. if [[ $CODESPACES == "true" ]]; then DOTFILES_PATH="/workspaces/.codespaces/.persistedshare/dotfiles" PASSWORD_STORE_DIR="/workspaces/.codespaces/.presistedshare/password-store" else DOTFILES_PATH=${DOTFILES_HOME:-"$HOME/.dotfiles"} PASSWORD_STORE_DIR=${PASSWORD_STORE_DIR:-"/$HOME/.password-store"} fi writeConfig() { printf "DOTFILES_PATH=$DOTFILES_PATH\nPASSWORD_STORE_DIR=$PASSWORD_STORE_DIR" } # TODO: Make this better, possibly using some magic that uses FTG installer script banner() { echoStageNameAdd "Dotfiles Bootstrap Script by @ajhalili2006, licensed under MIT" echoStageName "Linux machine bootstrapper starts in 3 seconds..." sleep 3 } useColor() { RED=$(printf '\033[31m') GREEN=$(printf '\033[32m') YELLOW=$(printf '\033[33m') BLUE=$(printf '\033[34m') MAGENTA=$(printf '\033[35m') BOLD=$(printf '\033[1m') RESET=$(printf '\033[m') } echoStageName() { echo "${BOLD}----> $* ${RESET}" } echoStageNameAdd() { echo "${BOLD} $* ${RESET}" } warn() { echo "${YELLOW}warning: $* ${RESET}" } error() { # this will be long, so I must do "&& exit 1" manually echo "${RED}error: $* ${RESET}" } success() { echo "${GREEN}success: $* ${RESET}" } info() { echo "info: $*" } checkOs() { # This step is required for different actions, like installing deps from system-wide package managers # among other sorts of shitfuckery. We may need to also run tests through the CI to ensure nothing breaks. if echo "$OSTYPE" | grep -qE "linux-android.*"; then export DOTFILES_OS_NAME=android-termux elif echo "$OSTYPE" | grep -qE '^linux-gnu.*' && [ "$(lsb_release -is)" == "Debian" ]; then export DOTFILES_OS_NAME=debian if [ -d '/google/devshell' ] && [ -f '/google/devshell/bashrc.google' ]; then export GOOGLE_CLOUD_SHELL=true fi elif $OSTYPE | grep -qE '^linux-gnu.*' && [ "$(lsb_release -is)" == "Ubuntu" ]; then export DOTFILES_OS_NAME=ubuntu else error "Script unsupported for this specific distro. If this was an downstream fork of another repo, you could override" error "the DOTFILES_OS_NAME variable" fi } setupSysPkgs() { echoStageName "Installating essiential dependencies" if [[ $DOTFILES_OS_NAME == "android-termux" ]] && [[ $SKIP_DEPENDENCY_INSTALL == "" ]]; then pkg install -y man git nano gnupg openssh proot resolv-conf asciinema openssl-tool pass setupGhCli setupGLabCli elif [[ $DOTFILES_OS_NAME == "debian" ]] && [[ $SKIP_DEPENDENCY_INSTALL == "" ]]; then sudo apt install gnupg git nano pass openssh-client -y setupGhCli setupGLabCli elif [[ $DOTFILES_OS_NAME == "ubuntu" ]] && [[ $SKIP_DEPENDENCY_INSTALL == "" ]]; then sudo apt install gnupg nano pass openssh-client -y setupGhCli setupGLabCli else warn "Dependency installs are being skipped" fi sleep 5 } setupAsdf() { warn WIP } setupNode() { if [[ $USE_NVM == "1" ]]; then echoStagName "Installing Node.js Version Manager" $(command -v curl >>/dev/null && echo "curl -o-" || echo "wget -qO-") https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | NODE_VERSION=${NODE_VERSION:"lts/*"} NVM_DIR="$HOME/.nvm" PROFILE=/dev/null bash fi } setupPython() { if [[ $USE_PYENV == "1" ]]; then PYENV_ROOT=${PYENV_ROOT:-"$HOME/.pyenv"} if [[ ! -d "${HOME}/.pyenv" ]]; then echoStageName "Installing Pyenv with pyenv-installer" curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash else git -C "${PYENV_ROOT}" pull origin --verbose git -C "${PYENV_ROOT}/plugins/pyenv-doctor" pull origin --verbose git -C "${PYENV_ROOT}/plugins/pyenv-installer" pull origin --verbose git -C "${PYENV_ROOT}/plugins/pyenv-update" pull origin --verbose git -C "${PYENV_ROOT}/plugins/pyenv-virtualenv" pull origin --verbose git -C "${PYENV_ROOT}/plugins/pyenv-which-ext" pull origin --verbose fi echoStageName "Installing build deps as needed by pyenv" if [[ $DOTFILES_OS_NAME == "debian" ]] || [[ $DOTFILES_OS_NAME == "ubuntu" ]]; then sudo apt-get update; sudo apt-get install make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev llvm libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev -y fi echoStageName "Installing Python3 through Pyenv" "${PYENV_ROOT}/bin/pyenv" install 3.9.6 "${PYENV_ROOT}/bin/pyenv" global 3.9.6 elif [[ $UPDATE_SYSTEM_PYTHON_INSTALL != "" ]]; then echoStageName "Updating Python install" sudo apt install python3 python3-pip --yes fi } userspcaeBinDirCheck() { echoStageName "checking if PREFIX/bin exists" if [ ! -d "$PREFIX/bin" ]; then warn "$PREFIX/bin doesn't exists, creating..." mkdir -p "$PREFIX/bin" else success "Looks good! $PREFIX/bin directory exists." fi } cloneRepo() { if [ ! -d "$DOTFILES_PATH" ]; then echoStageName "Cloning the dotfiles repo" git clone https://github.com/ajhalili2006/dotfiles.git $DOTFILES_PATH else echoStageName "Dotfiles repo found, pulling remote changes instead" git -C "$DOTFILES_PATH" fetch --all git -C "$DOTFILES_PATH" pull origin fi sleep 5 } # Decouple secrets repo cloning process from the main cloneSecretsRepo() { case $FF_UNENCRYPTED_SECRETS_REPO in "true") ;; *) warn "Cloning your unencrypted secrets repo to $DOTFILES_PATH/secrets is no longer supported. Please set FF_UNENCRYPTED_SECRETS_REPO" warn "variable or migrate your secrets to PasswordStore to avoid disruptions. In meanwhile, this script will setup GPG for you" return ;; esac # Since I also have an GitHub mirror of that private repo, maybe we can set an variable for that if [[ $USE_GH_SECRETS_MIRROR != "" ]]; then true # just an bypass command to avoid these steps below elif [[ $GITLAB_TOKEN == "" ]] && [[ $GITLAB_LOGIN == "" ]] && [ ! -d "$DOTFILES_PATH/secrets" ]; then warn "GitLab login and token is blank, skipping..." && true # Probably change my GitLab SaaS username with yours elif [[ $GITLAB_LOGIN != "ajhalili2006" ]] && [ ! -d "$DOTFILES_PATH/secrets" ]; then warn "Only Andrei Jiroh can do this!" && true elif [[ $GITLAB_LOGIN == "ajhalili2006" ]] && [[ $GITLAB_TOKEN == "" ]] && [ ! -d "$DOTFILES_PATH/secrets" ]; then warn "Missing GitLab SaaS PAT! Check your Bitwarden vault for that PAT with atleast read_repository scope, or use GitHub mirror instead." else if [ ! -d "$DOTFILES_PATH/secrets" ]; then echoStageName "Cloning secrets repo" "$DOTFILES_PATH/secrets" warn "The unencrypted secrets repo is currently deprecated and may be removed from the bootstrapping process. Please migrate to" warn "Pass" if [[ $USE_GH_SECRETS_MIRROR != "" ]]; then gh repo clone ajhalili2006/dotfiles-secrets "$DOTFILES_PATH/secrets" elif ! glab repo clone $HOME/.dotfiles/secrets; then warn "There was an problem while cloning the repo, please check the credentials and try again" warn "gracefully skipping this step" fi chmod 760 "$DOTFILES_PATH/secrets" #git -C "$DOTFILES_PATH/secrets" remote set-url origin git@gitlab.com:ajhalili2006/dotfiles-secrets elif [[ -d "$DOTFILES_PATH/secrets" ]] ; then chmod 760 "$DOTFILES_PATH/secrets" git -C "$DOTFILES_PATH/secrets" fetch --all git -C "$DOTFILES_PATH/secrets" pull fi fi sleep 5 } # TODO: Check whenever Linuxbrew is installed and use local Homebrew install instead when detected. # TODO: If installed using this script via FF_SETUP_HOMEBREW environment variable, defaults to # TODO: /home/linuxbrew/.nrew as per my bashrc and zshrc files. # Install GitHub CLI if we're gonna use that GitHub mirror setupGhCli() { if command -v gh >>/dev/null; then info "GitHub CLI installed for this environment, skipping system package manager setup" return fi if [[ $DOTFILES_OS_NAME == "android-termux" ]]; then pkg install gh # TODO: check Linux install docs in cli/cli elif [[ $DOTFILES_OS_NAME == "debian" || $DOTFILES_OS_NAME == "ubuntu" ]] && ! command -v gh >> /dev/null; then curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null sudo apt update && sudo apt install gh fi } # Also setup GLab CLI too setupGLabCli() { if command -v glab >>/dev/null; then info "GLab CLI installed for this environment, skipping running scripts from Git repo rawfile/Termux pkgrepo" return fi if [[ "$DOTFILES_OS_NAME" == "android-termux" ]]; then warn "GLab CLI is currently unavailable on Termux package repos yet." return #pkg install glab else curl -fsSL https://raw.githubusercontent.com/profclems/glab/trunk/scripts/install.sh | sh - "$PREFIX" fi } cleanup() { echoStageName "Bootstrapper successfully ran, cleaning up to ensure no secrets are leaked on env vars..." # just add chaos to these secrets to avoid leaks export GITLAB_LOGIN=gildedguy export GITLAB_TOKEN=build-guid-sus-among-computers-moment if echo "$OSTYPE" | grep -qE "linux-android.*"; then rm -rfv ~/{shellcheck,flarectl,LICENSE,README.txt,README.md} pkg uninstall clang --yes && apt autoremove --yes else rm -rfv ~/{shellcheck,flarectl,LICENSE,README.txt,README.md}* || true unset PREFIX fi success "Setting up a new Linux machine was succesfully executed. To ensure no secrets are leaked when logging utfrom shell session, please do 'history -c' to cleanup shell history." [[ $GOOGLE_CLOUD_SHELL == "true" ]] && warn "Looks like you're on Google Cloud Shell, please restart your virtual machine for changes to take effect." sleep 2 unset DOTFILES_OS_NAME GOOGLE_CLOUD_SHELL exit } setupSshConfig() { echoStageName "Linking config files" if echo $OSTYPE | grep -qE "linux-android.*"; then [ ! -f "$HOME/.ssh/config" ] && ln -s $HOME/.dotfiles/ssh-client/termux ~/.ssh/config # TODO: Write checks if it's Ubuntu or Debian # See https://superuser.com/a/741610/1124908 for details elif echo $OSTYPE | grep -qE '^linux-gnu.*'; then [ ! -f "$HOME/.ssh/config" ] && ln -s "$HOME/.dotfiles/ssh-client/linux" "$HOME/.ssh/config" fi sleep 5 } copyBashrc() { if [[ $DOTFILES_OS_NAME == "android-termux" ]]; then ln -s $HOME/.dotfiles/termux.bashrc ~/.bashrc elif [[ $DOTFILES_OS_NAME == "debian" ]] || [[ $DOTFILES_OS_NAME == "ubuntu" ]]; then if [[ $SKIP_CONFIG_LINKING == "" ]] && [ ! -f "$HOME/.bashrc" ]; then ln -s "$HOME/.dotfiles/ubuntu.bashrc" ~/.bashrc elif [[ $GOOGLE_CLOUD_SHELL == "true" ]] && [[ $SKIP_CONFIG_LINKING == "" ]] && [ -f "$HOME/.bashrc" ]; then rm "$HOME/.bashrc" ln -s "$HOME/.dotfiles/bashrc/googlecloudshell.bashrc" "$HOME/.bashrc" elif [[ $SKIP_CONFIG_LINKING == "" ]] && [ -f "$HOME/.bashrc" ]; then if [[ -L "$HOME/.bashrc" ]]; then warn "~/.bashrc is symlinked, skipping the linking process" else warn "Existing bashrc found, renaming to ~/.bashrc.bak" mv "$HOME/.bashrc" "$HOME/.bashrc.bak" ln -s "$HOME/.dotfiles/ubuntu.bashrc" "$HOME/.bashrc" fi fi fi } copyGitConfig() { echoStageName "Symlinking Git config" if [[ $DOTFILES_OS_NAME == "android-termux" ]] && [[ $SKIP_CONFIG_LINKING == "" ]]; then [ ! -L "$HOME/.gitconfig" ] && ln -s "$HOME/.dotfiles/gitconfig/termux" ~/.gitconfig && success "Git config symlinked" || warn "Git configuration on userspace found, either symlink is broken or customizations had been made. Please fix any conflicts or soft link them manually!" # TODO: Write checks if it's Ubuntu or Debian # See https://superuser.com/a/741610/1124908 for details # By default, we'll use the one-size-fits-all Linux config for Git elif echo $OSTYPE | grep -qE '^linux-gnu.*' && [[ $SKIP_CONFIG_LINKING == "" ]]; then [ ! -L "$HOME/.gitconfig" ] && ln -s "$HOME/.dotfiles/gitconfig/linux" "$HOME/.gitconfig" || warn "Git configuration on userspace found, either symlink is broken or customizations had been made. Please fix any conflicts or soft link them manually!" fi } copyNanoConfig() { echoStagename "Symlinking GNU nano config file" if [[ $DOTFILES_OS_NAME == "android-termux" ]]; then [ "$SKIP_CONFIG_LINKING" == "" ] && ln -s "$HOME/.dotfiles/nanorc/config/termux" "$HOME/.nanorc" else [ "$SKIP_CONFIG_LINKING" == "" ] && [ ! -L "$HOME/.gitconfig" ] && ln -s "$HOME/.dotfiles/nanorc/config/linux.nanorc" "$HOME/.nanorc" fi } setupSC() { echoStageName "Installing Shellcheck" scversion="stable" case $(uname -m) in amd64) SHELLCHECK_ARCHIVE_URL="https://github.com/koalaman/shellcheck/releases/download/${scversion?}/shellcheck-${scversion?}.linux.x86_64.tar.xz";; aarch64) SHELLCHECK_ARCHIVE_URL="https://github.com/koalaman/shellcheck/releases/download/${scversion?}/shellcheck-${scversion?}.linux.aarch64.tar.xz";; *) warn "ShellCheck release binaries from GitHub is probably unsupported, try using your system package manager instead." && return;; esac if [[ $SKIP_DEPENDENCY_INSTAL == "" ]]; then current_shellcheck_path=$(command -v shellcheck) isOwnedByUser="$(find $PREFIX/bin -user $USER -name shellcheck)" current_path_dir="$(dirname $current_shellcheck_path)" wget -qO- "$SHELLCHECK_ARCHIVE_URL" | tar -xJv -C "$HOME" if [[ $current_shellcheck_path == "" ]]; then cp "$HOME/shellcheck-${scversion}/shellcheck" "$PREFIX/bin" elif [[ $current_shellcheck_path == "$PREFIX/bin/shellcheck" ]]; then warn "Current ShellCheck install found in $PREFIX/bin, replacing with latest stable release..." if [[ $isOwnedByUser == "" ]]; then [ -f "$PREFIX/bin/shellcheck" ] && warn "Owned by either other user/root, summoning root" && sudo rm "${PREFIX}/bin/shellcheck" else rm "${PREFIX}/bin/shellcheck" fi cp "$HOME/shellcheck-${scversion}/shellcheck" "$PREFIX/bin" else warn "Current ShellCheck install found in $current_path_dir, will be removed..." if [[ $isOwnedByUser == "" ]]; then warn "Owned by either other user/root, summoning root" sudo rm "$current_path_dir/shellcheck" else rm "${PREFIX}/bin/shellcheck" fi cp "$HOME/shellcheck-${scversion}/shellcheck" "$PREFIX/bin" fi else warn "Shellcheck install/upgrade is being skipped!" fi } setupAscinema() { echoStageName "Installing Asciinema" if [[ $DOTFILES_OS_NAME == "android-termux" ]] && [[ $SKIP_DEPENDENCY_INSTALL == "" ]]; then pkg install aciinema -y elif [[ $SKIP_DEPENDENCY_INSTALL == "" ]]; then if command -v python3>>/dev/null && [ -f "$HOME/.pyenv/shims/python3" ]; then "$HOME/.pyenv/shims/pip3" install asciinema --user --upgrade else pip3 install asciinema --user --upgrade fi fi } setupTF() { echoStageName "Installing pip3:thefuck" if [[ $DOTFILES_OS_NAME == "android-termux" ]]; then pkg install clang -y && pip install thefuck --user --upgrade else # TODO: Also handle asdf shims if command -v python3>>/dev/null && [ -f "$HOME/.pyenv/shims/python3" ]; then "$HOME/.pyenv/shims/pip3" install thefuck --upgrade else pip3 install thefuck --user --upgrade fi fi } setupFilterRepo() { echoStageName "Installing pip3:git-filter-repo" if [[ $DOTFILES_OS_NAME == "android-termux" ]]; then pip install git-filter-repo --upgrade else # TODO: handle asdf shims and other version mgnrs for Python if command -v python3>>/dev/null && [ -f "$HOME/.pyenv/shims/python3" ]; then "$HOME/.pyenv/shims/pip3" install git-filter-repo --upgrade else pip3 install git-filter-repo --user --upgrade fi fi } # usage stuff usage() { echo "Accepted bootstrap script arguments are:" echo " * --help|-h - Show this text." echo " * -i|--skip-install-packages - Skip installing different dependencies and packages" echo " * -d|--debug - Enable debugging" echo " * -l|--config-symlink - Skip symlinking config files (nanorc, bashrc, etc.)" echo " * --deprecated-secrets-repo - Clone also deprecated dotfiles-secrets repo, alongside the" echo " experimential personal PasswordStore git repo" } customizeCloudShell() { echoStageName "Adding customizations for Cloud Shell Environment" if [ -f ~/.customize_environment ]; then warn "Envirnment customization script found, deleting old one..." rm -fv ~/.customize_environment fi ln -s ~/.dotfiles/.config/devshell.env ~/.customize_environment && chmod +x ~/.customize_environment if [ ! -d "$HOME/.cloudshell" ]; then mkdir "$HOME/.cloudshell" fi if [ ! -f "$HOME/.cloudshell/no-apt-get-warning" ]; then touch "$HOME/.cloudshell/no-apt-get-warning" fi echoStageName "Running ~/.customize_environment for you" sudo "$HOME/.customize_environment" } # Install VS Code here (or code-server) installCode() { if [[ $USE_CODE_SERVER != "" ]]; then # We'll use the officil script here, because why not? This may take longer on Termux if that's the case. echoStageName "Installing Code Server" curl -fsSL https://code-server.dev/install.sh | sh fi if [[ $XDG_CURRENT_DESKTOP != "" ]]; then true # It's true for now #echo "Installing VS Code from Microsoft" # TODO fi } importGpgKeys() { if [[ $STORJ_ACCESS_GRANT == "" ]]; then warn "Storj DCS access grant is missing, skipping gpg keys import" return fi BASE_URL="https://link.eu1.storjshare.io/s" BUCKET_PATH="ajhalili2006-files-private/gpg-key-backups" PERSONAL_KEY_URL="$BASE_URL/$STORJ_ACCESS_GRANT/$BUCKET_PATH/personal-main-backup.gpg?download=1" PASSWORD_STORE_KEY_URL="$BASE_URL/$STORJ_ACCESS_GRANT/$BUCKET_PATH/personal-passwordstore-backup.gpg?download=1" OSS_RELEASES_PERSONAL_KEY_URL="$BASE_URL/$STORJ_ACCESS_GRANT/$BUCKET_PATH/personal-releases-backup.gpg?download=1" mkdir -p /tmp/keys-import-tmp # TODO: check if /dev/shm is usuable and use that dir instead for security reasons wget $PERSONAL_KEY_URL -O /tmp/keys-import-tmp/personal wget $PASSWORD_STORE_KEY_URL -O /tmp/keys-import-tmp/password-store wget $OSS_RELEASES_PERSONAL_KEY_URL -O /tmp/keys-import-tmp/releases-key gpg --batch --no-tty --yes --import /tmp/keys-import-tmp/personal gpg --batch --no-tty --yes --import /tmp/keys-import-tmp/password-store gpg --batch --no-tty --yes --import /tmp/keys-import-tmp/releases-key } importSshKeys() { if [[ -d "$DOTFILES_PATH/secrets" ]]; then true elif [[ -d "$PASSWORD_STORE_DIR" ]]; then pass show keys/ssh/personal | tee ~/.ssh/personal >>/dev/null pass show keys/ssh/recaptime.dev | tee ~/.ssh/ajhalili2006.recaptime.dev >> /dev/null fi } main() { # check if the help flag is here [[ $DEBUG != "" ]] && echo "flags: $*" while [[ $# -gt 0 ]]; do case $1 in "--help"|-h) shift usage exit ;; *) shift error "Invalid arguments, add the help flag for usage." && exit 1 esac shift done # import colors and show the banner useColor banner # step 1: check the OS first checkOs # step 2: install needed tools and create ~/.local/bin setupSysPkg userspcaeBinDirCheck # step 3.1: then clone the repo cloneRepo # step 3.2: if we're in Cloud Shell, do this [[ $GOOGLE_CLOUD_SHELL == "true" ]] && customizeCloudShell # step 4: install additional needed tools setupAscinema setupTF setupFilterRepo setupSC setupNodejs installCode # step 5: copy and symlink files copyGitConfig copyNanoConfig copyBashrc setupSshConfig # step 5.2: copy our secrets btw cloneSecretsRepo # Run this before we even copy the ssh keys! importGpgKeys importSshKeys # step 6: finally clean up BS ScoMo from marketing did cleanup } main "$@" } # curybrackets is included to ensure everything is downloaded