From 5041fc74725621fb420746823f8708b2ed1b6af9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 23 Mar 2021 18:07:26 +0000 Subject: [PATCH] project: add bootstrap script --- bootstrap.sh | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100755 bootstrap.sh diff --git a/bootstrap.sh b/bootstrap.sh new file mode 100755 index 0000000..a3f9ac9 --- /dev/null +++ b/bootstrap.sh @@ -0,0 +1,99 @@ +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p bitwarden-cli git gnupg jq nixFlakes + +# Command failure is script failure +set -e + +BOLD_RED="\e[0;1;31m" +BOLD_BLUE="\e[0;1;34m" +BOLD_GREEN="\e[0;1;32m" + +RESET="\e[0m" + +DEST="$HOME/.config/nixpkgs" +BW_SESSION="" + +warn() { + echo -e "${BOLD_RED}$1${RESET}" +} + +info() { + echo -e "${BOLD_BLUE}$1${RESET}" +} + +success() { + echo -e "${BOLD_GREEN}$1${RESET}" +} + +set_perm() { + # $1: destination + # $2: permissions + + chmod "$2" "$1" && success "--> Set permission of $1 to $2" +} + +get_doc() { + # $1: name of folder which contains the wanted document + # $2: name of the document + # $3: destination + # $4: permissions + + local FOLDER_ID + local NOTES + FOLDER_ID="$(bw list folders | + jq '.[] | select(.name == "'"$1"'") | .id' | + cut -d'"' -f2)" + + NOTES="$(bw list items --folderid "$FOLDER_ID" | + jq '.[] | select(.name == "'"$2"'") | .notes' | + cut -d'"' -f2)" + + printf "%b" "$NOTES" > "$3" + set_perm "$3" "$4" +} + +get_ssh() { + mkdir -p "$HOME/.ssh" && info "-> Creating .ssh folder." + chmod 700 "$HOME/.ssh" && info "--> Modifying permissions of .ssh folder." + + get_doc "SysAdmin/SSH" "shared-key-public" "$HOME/.ssh/shared_rsa.pub" 644 + get_doc "SysAdmin/SSH" "shared-key-private" "$HOME/.ssh/shared_rsa" 600 +} + +get_pgp() { + local KEY + KEY=key.asc + get_doc "SysAdmin/PGP" "pgp-key-private" "$KEY" 644 + + gpg \ + --pinentry-mode loopback \ + --import "$KEY" + printf '5\ny\n' | + gpg \ + --command-fd 0 \ + --pinentry-mode loopback \ + --edit-key 'Bruno BELANYI' \ + trust + rm "$KEY" +} + +get_creds() { + BW_SESSION="$(bw login --raw)" + export BW_SESSION + + get_ssh + get_pgp +} + +setup_gpg() { + info 'Setting up loopback pinentry for GnuPG' + echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf + + info 'Signing dummy message to ensure GnuPG key is usable by `git-crypt`' + echo whatever | gpg --clearsign --armor --pinentry loopback --output /dev/null +} + +[ -z "$NOCREDS" ] && get_creds +[ -z "$NOGPG" ] && setup_gpg + +nix --experimental-features 'nix-command flakes' develop