From f6ed0f750e8106447f4bde608eb711172918c19a Mon Sep 17 00:00:00 2001
From: Buddy
Date: Fri, 14 Feb 2025 12:48:36 -0800
Subject: [PATCH] Allow multiple recipients for age encryption
- Add input for role for work and personal
- Remove unused values in chezmoi data
- Expect age.key instead of having the public key in the path
---
.chezmoi.toml.tmpl | 24 +++++++++++++-----------
.chezmoiignore | 13 ++++++-------
dot_config/bash/bashrc.d/base.sh.tmpl | 2 --
dot_config/ideavim/ideavimrc.tmpl | 2 --
dot_config/nushell/config.nu.tmpl | 11 +++++------
dot_config/vim/settings.vim.tmpl | 23 -----------------------
run_once_before_ensure-age-key.sh.tmpl | 7 +++++++
7 files changed, 31 insertions(+), 51 deletions(-)
create mode 100644 run_once_before_ensure-age-key.sh.tmpl
diff --git a/.chezmoi.toml.tmpl b/.chezmoi.toml.tmpl
index 2cdf2c0..3d416b3 100644
--- a/.chezmoi.toml.tmpl
+++ b/.chezmoi.toml.tmpl
@@ -1,21 +1,23 @@ -{{- $development := promptBoolOnce . "development" "is this a development environment [false]" -}} -{{- $personal_dev := promptBoolOnce . "personal_dev" "is this a personal development environment [false]" -}} -{{- $git_email := promptStringOnce . "git_email" "email to use in git config" -}} +{{- $role_choices := list "none" "personal" "work" "server" -}} +{{- $role := promptChoiceOnce . "role" "machine role" $role_choices -}} {{- $git_name := promptStringOnce . "git_name" "name to use in git config" -}} +{{- $git_email := promptStringOnce . "git_email" "email to use in git config" -}} {{- $include_legacy := promptBoolOnce . "include_legacy" "include old scripts [false]" -}} -{{- $work := promptBoolOnce . "work" "include work tools [false]" -}} -{{- $age_key := promptStringOnce . "age_key" "age public key of recipient" -}} encryption = "age" [age] -identity = "{{ .chezmoi.homeDir }}/.config/chezmoi/{{ $age_key }}.key" -recipient = "{{ $age_key }}" +identity = "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key" +recipients = [ +{{- if eq $role "personal" }} + "age1sy9etyqzwrjvpw0udxchp5u3jlm78h2c5fqprur7yyq23ngkkaxswzsnq5", +{{- else if eq $role "work" }} + "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm", +{{- end }} +] [data] -age_key = "{{ $age_key }}" -development = {{ $development }} -git_email = "{{ $git_email }}" +role = "{{ $role }}" git_name = "{{ $git_name }}" -personal_dev = {{ $personal_dev }} +git_email = "{{ $git_email }}" include_legacy = {{ $include_legacy }} diff --git a/.chezmoiignore b/.chezmoiignore index 0cc4db8..10194fb 100644 --- a/.chezmoiignore +++ b/.chezmoiignore 
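Review bot: For the `none` and `server` roles the `recipients` array renders empty while `encryption = "age"` stays set, so an encrypt operation on those machines has no recipient; how chezmoi handles an empty list is not visible here and should be checked. Either render the `[age]` recipients only for roles that have a key, or stop the template for the other roles with a guard such as `{{ fail "no age recipient configured for this role" }}`. The commit title mentions multiple recipients, but each branch emits exactly one key, so if both keys are meant to decrypt the same files they need to be listed unconditionally. Separately, `git_name` and `git_email` are placed inside hand-written quotes; `git_name = {{ $git_name | quote }}` keeps a value containing `"` from producing invalid TOML.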
@@ -1,16 +1,15 @@ /.idea /README.md -/scripts/ -/key.txt.age +/scripts {{- if not .include_legacy }} /.local/share/duck-encoder {{- end }} -{{- if ne .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }} +{{- if ne .role "personal" }} +/.config/git/config.d/personal.config +/.ssh +{{- end }} +{{- if ne .role "work" }} /.config/nushell/lib/work /.config/nushell/lib/work/mod.nu /.config/git/config.d/work.config {{- end }} -{{- if ne .age_key "age1sy9etyqzwrjvpw0udxchp5u3jlm78h2c5fqprur7yyq23ngkkaxswzsnq5" }} -/.config/git/config.d/personal.config -/.ssh -{{- end }} diff --git a/dot_config/bash/bashrc.d/base.sh.tmpl b/dot_config/bash/bashrc.d/base.sh.tmpl index faadaa8..dacd4e8 100644 --- a/dot_config/bash/bashrc.d/base.sh.tmpl +++ b/dot_config/bash/bashrc.d/base.sh.tmpl @@ -33,10 +33,8 @@ if test -r ~/.dircolors; then fi #{{- end }} -#{{ if .development -}} if [[ -d "${XDG_DATA_HOME}/JetBrains/Toolbox/scripts" ]]; then if [[ ":${PATH}:" != *":${XDG_DATA_HOME}/JetBrains/Toolbox/scripts:"* ]]; then export PATH="${PATH}:${XDG_DATA_HOME}/JetBrains/Toolbox/scripts" fi fi -#{{- end }} diff --git a/dot_config/ideavim/ideavimrc.tmpl b/dot_config/ideavim/ideavimrc.tmpl index bf41872..0653533 100644 --- a/dot_config/ideavim/ideavimrc.tmpl +++ b/dot_config/ideavim/ideavimrc.tmpl @@ -1,6 +1,5 @@ # chezmoi:template:left-delimiter="{{ "{{- /* vim: set filetype=vim: */ -}} -"{{ if .development -}} set visualbell set noerrorbells set relativenumber @@ -162,4 +161,3 @@ set noerrorbells set novisualbell set t_vb= set timeoutlen=500 -"{{- end }} diff --git a/dot_config/nushell/config.nu.tmpl b/dot_config/nushell/config.nu.tmpl index 56bce06..45e2c80 100644 --- a/dot_config/nushell/config.nu.tmpl +++ b/dot_config/nushell/config.nu.tmpl @@ -6,7 +6,8 @@ source xdg.nu use themes.nu use completions * use inspect -#{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }} + +#{{- if eq .role "work" }} overlay use work #{{- end }} 
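Review bot: Dropping the `/key.txt.age` entry in the `.chezmoiignore` hunk means that, if that file is still present in the source directory (the diffstat of this patch does not delete it), chezmoi will start treating it as a target and write it into the home directory. Either remove the file in the same commit or keep the ignore line. The `/.ssh` and git config blocks are now gated on the self-declared `role` instead of on the key the machine holds, so a machine that answers `personal` without the matching identity will reach those entries and, if they are encrypted, fail at decrypt time. A comment above the `ne .role` blocks such as `{{- /* role must match the identity installed in ~/.config/chezmoi/age.key */ -}}` would record that coupling.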
@@ -26,10 +27,8 @@ $env.config = { use_kitty_protocol: false plugins: { - #{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }} - nupsql: (do { - dbs nuql config - }) + #{{- if eq .role "work" }} + nupsql: (dbs nuql config) #{{- end }} } @@ -801,6 +800,6 @@ $env.config = { ] } -#{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }} +#{{- if eq .role "work" }} dbs nuql auth #{{- end }} diff --git a/dot_config/vim/settings.vim.tmpl b/dot_config/vim/settings.vim.tmpl index 8bf22a3..d999a1c 100644 --- a/dot_config/vim/settings.vim.tmpl +++ b/dot_config/vim/settings.vim.tmpl @@ -17,29 +17,6 @@ let g:onedark_terminal_italics = 1 let g:UltiSnipsSnippetDirectories = [ 'UltiSnips', 'snips' ] -"{{ if .development }} -let g:sql_type_default = 'pgsql' - -"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -" ALE -let g:ale_sign_error = '→' -let g:ale_sign_warning = '‽' -let g:ale_echo_msg_format = '%s [%severity%] [%linter%]' -let g:ale_set_loclist = 0 -let g:ale_set_quickfix = 1 -"{{- if lookPath "golangci-lint" }} -let g:ale_go_golangci_lint_package = 1 -"{{- end }} - -augroup linters - autocmd! - autocmd FileType javascript let g:ale_linters['javascript'] = ['eslint'] -"{{- if lookPath "golangci-lint" }} - autocmd FileType go let g:ale_linters['go'] = ['golangci-lint'] -"{{- end }} -augroup END -"{{ end }} - """""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" " NERDTree let g:NERDTreeDirArrowExpandable = '▸' diff --git a/run_once_before_ensure-age-key.sh.tmpl b/run_once_before_ensure-age-key.sh.tmpl new file mode 100644 index 0000000..cd9f645 --- /dev/null +++ b/run_once_before_ensure-age-key.sh.tmpl 
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+if [ ! -f "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key" ]; then
+ mkdir -p "{{ .chezmoi.homeDir }}/.config/chezmoi"
+ age-keygen --output "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
+ chmod 400 "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
+fi
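Review bot: Generating a fresh identity whenever `age.key` is missing conflicts with the fixed recipients this patch puts in `.chezmoi.toml.tmpl`: a newly generated key matches neither public key, so on a `personal` or `work` machine the script hides a missing identity and the problem only surfaces later when encrypted files cannot be decrypted. For those roles it is safer to stop with a clear message and to generate a key only where no fixed recipient applies. The script also has no `set -euo pipefail`, so a failing `mkdir` or `age-keygen` does not stop the commands after it. `mkdir -p` creates the directory under the caller's umask, and setting `umask 077` first keeps both the directory and the key private from creation.

```shell
#!/usr/bin/env bash
set -euo pipefail
umask 077  # directory and key are private from the moment they are created

key="{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
if [ ! -f "${key}" ]; then
#{{- if or (eq .role "personal") (eq .role "work") }}
  # The recipients for this role are fixed public keys; a new key could not decrypt.
  echo "missing ${key}: install the identity for role {{ .role }} before applying" >&2
  exit 1
#{{- else }}
  mkdir -p "$(dirname "${key}")"
  age-keygen --output "${key}"
  chmod 400 "${key}"
#{{- end }}
fi
```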