Allow multiple recipients for age encryption

- Add input for role for work and personal - Remove unused values in chezmoi data - Expect age.key instead of having the public key in the path
1 week ago · f6ed0f750e
parent de14c30c48
commit f6ed0f750e
7 changed files with 31 additions and 51 deletions
--- a/.chezmoi.toml.tmpl
+++ b/.chezmoi.toml.tmpl
@ -1,21 +1,23 @@
-{{- $development := promptBoolOnce . "development" "is this a development environment [false]" -}}
+{{- $role_choices := list "none" "personal" "work" "server" -}}
-{{- $personal_dev := promptBoolOnce . "personal_dev" "is this a personal development environment [false]" -}}
+{{- $role := promptChoiceOnce . "role" "machine role" $role_choices -}}
 {{- $git_email := promptStringOnce . "git_email" "email to use in git config" -}}
 {{- $git_name := promptStringOnce . "git_name" "name to use in git config" -}}
 {{- $git_email := promptStringOnce . "git_email" "email to use in git config" -}}
 {{- $include_legacy := promptBoolOnce . "include_legacy" "include old scripts [false]" -}}
 {{- $work := promptBoolOnce . "work" "include work tools [false]" -}}
 {{- $age_key := promptStringOnce . "age_key" "age public key of recipient" -}}
 encryption = "age"
 [age]
-identity = "{{ .chezmoi.homeDir }}/.config/chezmoi/{{ $age_key }}.key"
+identity = "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
-recipient = "{{ $age_key }}"
+recipients = [
 {{- if eq $role "personal" }}
    "age1sy9etyqzwrjvpw0udxchp5u3jlm78h2c5fqprur7yyq23ngkkaxswzsnq5",
 {{- else if eq $role "work" }}
    "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm",
 {{- end }}
 ]
 [data]
-age_key = "{{ $age_key }}"
+role = "{{ $role }}"
 development = {{ $development }}
 git_email = "{{ $git_email }}"
 git_name = "{{ $git_name }}"
-personal_dev = {{ $personal_dev }}
+git_email = "{{ $git_email }}"
 include_legacy = {{ $include_legacy }}
--- a/.chezmoiignore
+++ b/.chezmoiignore
@ -1,16 +1,15 @@
 /.idea
 /README.md
-/scripts/
+/scripts
 /key.txt.age
 {{- if not .include_legacy }}
 /.local/share/duck-encoder
 {{- end }}
-{{- if ne .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }}
+{{- if ne .role "personal" }}
 /.config/git/config.d/personal.config
 /.ssh
 {{- end }}
 {{- if ne .role "work" }}
 /.config/nushell/lib/work
 /.config/nushell/lib/work/mod.nu
 /.config/git/config.d/work.config
 {{- end }}
 {{- if ne .age_key "age1sy9etyqzwrjvpw0udxchp5u3jlm78h2c5fqprur7yyq23ngkkaxswzsnq5" }}
 /.config/git/config.d/personal.config
 /.ssh
 {{- end }}
--- a/dot_config/bash/bashrc.d/base.sh.tmpl
+++ b/dot_config/bash/bashrc.d/base.sh.tmpl
@ -33,10 +33,8 @@ if test -r ~/.dircolors; then
 fi
 #{{- end }}
 #{{ if .development -}}
 if [[ -d "${XDG_DATA_HOME}/JetBrains/Toolbox/scripts" ]]; then
 	if [[ ":${PATH}:" != *":${XDG_DATA_HOME}/JetBrains/Toolbox/scripts:"* ]]; then
 		export PATH="${PATH}:${XDG_DATA_HOME}/JetBrains/Toolbox/scripts"
 	fi
 fi
 #{{- end }}
--- a/dot_config/ideavim/ideavimrc.tmpl
+++ b/dot_config/ideavim/ideavimrc.tmpl
@ -1,6 +1,5 @@
 # chezmoi:template:left-delimiter="{{
 "{{- /* vim: set filetype=vim: */ -}}
 "{{ if .development -}}
 set visualbell
 set noerrorbells
 set relativenumber
@ -162,4 +161,3 @@ set noerrorbells
 set novisualbell
 set t_vb=
 set timeoutlen=500
 "{{- end }}
--- a/dot_config/nushell/config.nu.tmpl
+++ b/dot_config/nushell/config.nu.tmpl
@ -6,7 +6,8 @@ source xdg.nu
 use themes.nu
 use completions *
 use inspect
-#{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }}
+
 #{{- if eq .role "work" }}
 overlay use work
 #{{- end }}
@ -26,10 +27,8 @@ $env.config = {
    use_kitty_protocol: false
    plugins: {
-        #{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }}
+        #{{- if eq .role "work" }}
-        nupsql: (do {
+        nupsql: (dbs nuql config)
            dbs nuql config
        })
        #{{- end }}
    }
@ -801,6 +800,6 @@ $env.config = {
    ]
 }
-#{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }}
+#{{- if eq .role "work" }}
 dbs nuql auth
 #{{- end }}
--- a/dot_config/vim/settings.vim.tmpl
+++ b/dot_config/vim/settings.vim.tmpl
@ -17,29 +17,6 @@ let g:onedark_terminal_italics = 1
 let g:UltiSnipsSnippetDirectories = [ 'UltiSnips', 'snips' ]
 "{{ if .development }}
 let g:sql_type_default = 'pgsql'
 """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 " ALE
 let g:ale_sign_error = '→'
 let g:ale_sign_warning = '‽'
 let g:ale_echo_msg_format = '%s [%severity%] [%linter%]'
 let g:ale_set_loclist = 0
 let g:ale_set_quickfix = 1
 "{{- if lookPath "golangci-lint" }}
 let g:ale_go_golangci_lint_package = 1
 "{{- end }}
 augroup linters
    autocmd!
    autocmd FileType javascript let g:ale_linters['javascript'] = ['eslint']
 "{{- if lookPath "golangci-lint" }}
    autocmd FileType go let g:ale_linters['go'] = ['golangci-lint']
 "{{- end }}
 augroup END
 "{{ end }}
 """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 " NERDTree
 let g:NERDTreeDirArrowExpandable = '▸'
--- a/run_once_before_ensure-age-key.sh.tmpl
+++ b/run_once_before_ensure-age-key.sh.tmpl
@ -0,0 +1,7 @@
 #!/usr/bin/env bash
 if [ ! -f "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key" ]; then
       mkdir -p "{{ .chezmoi.homeDir }}/.config/chezmoi"
       age-keygen --output "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
       chmod 400 "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
 fi