Allow multiple recipients for age encryption

- Add input for role for work and personal - Remove unused values in chezmoi data - Expect age.key instead of having the public key in the path
1 week ago · f6ed0f750e
parent de14c30c48
commit f6ed0f750e
7 changed files with 31 additions and 51 deletions
--- a/.chezmoi.toml.tmpl
+++ b/.chezmoi.toml.tmpl
@ -1,21 +1,23 @@
-{{- $development := promptBoolOnce . "development" "is this a development environment [false]" -}}
-{{- $personal_dev := promptBoolOnce . "personal_dev" "is this a personal development environment [false]" -}}
-{{- $git_email := promptStringOnce . "git_email" "email to use in git config" -}}
+{{- $role_choices := list "none" "personal" "work" "server" -}}
+{{- $role := promptChoiceOnce . "role" "machine role" $role_choices -}}
 {{- $git_name := promptStringOnce . "git_name" "name to use in git config" -}}
+{{- $git_email := promptStringOnce . "git_email" "email to use in git config" -}}
 {{- $include_legacy := promptBoolOnce . "include_legacy" "include old scripts [false]" -}}
-{{- $work := promptBoolOnce . "work" "include work tools [false]" -}}
-{{- $age_key := promptStringOnce . "age_key" "age public key of recipient" -}}

 encryption = "age"

 [age]
-identity = "{{ .chezmoi.homeDir }}/.config/chezmoi/{{ $age_key }}.key"
-recipient = "{{ $age_key }}"
+identity = "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
+recipients = [
+{{- if eq $role "personal" }}
+    "age1sy9etyqzwrjvpw0udxchp5u3jlm78h2c5fqprur7yyq23ngkkaxswzsnq5",
+{{- else if eq $role "work" }}
+    "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm",
+{{- end }}
+]

 [data]
-age_key = "{{ $age_key }}"
-development = {{ $development }}
-git_email = "{{ $git_email }}"
+role = "{{ $role }}"
 git_name = "{{ $git_name }}"
-personal_dev = {{ $personal_dev }}
+git_email = "{{ $git_email }}"
 include_legacy = {{ $include_legacy }}
--- a/.chezmoiignore
+++ b/.chezmoiignore
@ -1,16 +1,15 @@
 /.idea
 /README.md
-/scripts/
-/key.txt.age
+/scripts
 {{- if not .include_legacy }}
 /.local/share/duck-encoder
 {{- end }}
-{{- if ne .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }}
+{{- if ne .role "personal" }}
+/.config/git/config.d/personal.config
+/.ssh
+{{- end }}
+{{- if ne .role "work" }}
 /.config/nushell/lib/work
 /.config/nushell/lib/work/mod.nu
 /.config/git/config.d/work.config
 {{- end }}
-{{- if ne .age_key "age1sy9etyqzwrjvpw0udxchp5u3jlm78h2c5fqprur7yyq23ngkkaxswzsnq5" }}
-/.config/git/config.d/personal.config
-/.ssh
-{{- end }}
--- a/dot_config/bash/bashrc.d/base.sh.tmpl
+++ b/dot_config/bash/bashrc.d/base.sh.tmpl
@ -33,10 +33,8 @@ if test -r ~/.dircolors; then
 fi
 #{{- end }}

-#{{ if .development -}}
 if [[ -d "${XDG_DATA_HOME}/JetBrains/Toolbox/scripts" ]]; then
 	if [[ ":${PATH}:" != *":${XDG_DATA_HOME}/JetBrains/Toolbox/scripts:"* ]]; then
 		export PATH="${PATH}:${XDG_DATA_HOME}/JetBrains/Toolbox/scripts"
 	fi
 fi
-#{{- end }}
--- a/dot_config/ideavim/ideavimrc.tmpl
+++ b/dot_config/ideavim/ideavimrc.tmpl
@ -1,6 +1,5 @@
 # chezmoi:template:left-delimiter="{{
 "{{- /* vim: set filetype=vim: */ -}}
-"{{ if .development -}}
 set visualbell
 set noerrorbells
 set relativenumber
@ -162,4 +161,3 @@ set noerrorbells
 set novisualbell
 set t_vb=
 set timeoutlen=500
-"{{- end }}
--- a/dot_config/nushell/config.nu.tmpl
+++ b/dot_config/nushell/config.nu.tmpl
@ -6,7 +6,8 @@ source xdg.nu
 use themes.nu
 use completions *
 use inspect
-#{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }}
+
+#{{- if eq .role "work" }}
 overlay use work
 #{{- end }}

@ -26,10 +27,8 @@ $env.config = {
    use_kitty_protocol: false

    plugins: {
-        #{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }}
-        nupsql: (do {
-            dbs nuql config
-        })
+        #{{- if eq .role "work" }}
+        nupsql: (dbs nuql config)
        #{{- end }}
    }

@ -801,6 +800,6 @@ $env.config = {
    ]
 }

-#{{- if eq .age_key "age1htqslfl4d5uv76j8eg49u9njqjx5udj9jmg3ujf2gxjjm06z0vqqwz6tlm" }}
+#{{- if eq .role "work" }}
 dbs nuql auth
 #{{- end }}
--- a/dot_config/vim/settings.vim.tmpl
+++ b/dot_config/vim/settings.vim.tmpl
@ -17,29 +17,6 @@ let g:onedark_terminal_italics = 1

 let g:UltiSnipsSnippetDirectories = [ 'UltiSnips', 'snips' ]

-"{{ if .development }}
-let g:sql_type_default = 'pgsql'
-
-""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-" ALE
-let g:ale_sign_error = '→'
-let g:ale_sign_warning = '‽'
-let g:ale_echo_msg_format = '%s [%severity%] [%linter%]'
-let g:ale_set_loclist = 0
-let g:ale_set_quickfix = 1
-"{{- if lookPath "golangci-lint" }}
-let g:ale_go_golangci_lint_package = 1
-"{{- end }}
-
-augroup linters
-    autocmd!
-    autocmd FileType javascript let g:ale_linters['javascript'] = ['eslint']
-"{{- if lookPath "golangci-lint" }}
-    autocmd FileType go let g:ale_linters['go'] = ['golangci-lint']
-"{{- end }}
-augroup END
-"{{ end }}
-
 """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 " NERDTree
 let g:NERDTreeDirArrowExpandable = '▸'
--- a/run_once_before_ensure-age-key.sh.tmpl
+++ b/run_once_before_ensure-age-key.sh.tmpl
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+if [ ! -f "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key" ]; then
+       mkdir -p "{{ .chezmoi.homeDir }}/.config/chezmoi"
+       age-keygen --output "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
+       chmod 400 "{{ .chezmoi.homeDir }}/.config/chezmoi/age.key"
+fi