From 5041fc74725621fb420746823f8708b2ed1b6af9 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Tue, 23 Mar 2021 18:07:26 +0000
Subject: [PATCH] project: add bootstrap script

---
 bootstrap.sh | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)
 create mode 100755 bootstrap.sh

diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..a3f9ac9
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p bitwarden-cli git gnupg jq nixFlakes
+
+# Command failure is script failure
+set -e
+
+BOLD_RED="\e[0;1;31m"
+BOLD_BLUE="\e[0;1;34m"
+BOLD_GREEN="\e[0;1;32m"
+
+RESET="\e[0m"
+
+DEST="$HOME/.config/nixpkgs"
+BW_SESSION=""
+
+warn() {
+    echo -e "${BOLD_RED}$1${RESET}"
+}
+
+info() {
+    echo -e "${BOLD_BLUE}$1${RESET}"
+}
+
+success() {
+    echo -e "${BOLD_GREEN}$1${RESET}"
+}
+
+set_perm() {
+    # $1: destination
+    # $2: permissions
+
+    chmod "$2" "$1" && success "--> Set permission of $1 to $2"
+}
+
+get_doc() {
+    # $1: name of folder which contains the wanted document
+    # $2: name of the document
+    # $3: destination
+    # $4: permissions
+
+    local FOLDER_ID
+    local NOTES
+    FOLDER_ID="$(bw list folders |
+        jq '.[] | select(.name == "'"$1"'") | .id' |
+        cut -d'"' -f2)"
+
+    NOTES="$(bw list items --folderid "$FOLDER_ID" |
+        jq '.[] | select(.name == "'"$2"'") | .notes' |
+        cut -d'"' -f2)"
+
+    printf "%b" "$NOTES" > "$3"
+    set_perm "$3" "$4"
+}
+
+get_ssh() {
+    mkdir -p "$HOME/.ssh" && info "-> Creating .ssh folder."
+    chmod 700 "$HOME/.ssh" && info "--> Modifying permissions of .ssh folder."
+
+    get_doc "SysAdmin/SSH" "shared-key-public" "$HOME/.ssh/shared_rsa.pub" 644
+    get_doc "SysAdmin/SSH" "shared-key-private" "$HOME/.ssh/shared_rsa" 600
+}
+
+get_pgp() {
+    local KEY
+    KEY=key.asc
+    get_doc "SysAdmin/PGP" "pgp-key-private" "$KEY" 644
+
+    gpg \
+        --pinentry-mode loopback \
+        --import "$KEY"
+    printf '5\ny\n' |
+        gpg \
+            --command-fd 0 \
+            --pinentry-mode loopback \
+            --edit-key 'Bruno BELANYI' \
+            trust
+    rm "$KEY"
+}
+
+get_creds() {
+    BW_SESSION="$(bw login --raw)"
+    export BW_SESSION
+
+    get_ssh
+    get_pgp
+}
+
+setup_gpg() {
+    info 'Setting up loopback pinentry for GnuPG'
+    echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
+
+    info 'Signing dummy message to ensure GnuPG key is usable by `git-crypt`'
+    echo whatever | gpg --clearsign --armor --pinentry loopback --output /dev/null
+}
+
+[ -z "$NOCREDS" ] && get_creds
+[ -z "$NOGPG" ] && setup_gpg
+
+nix --experimental-features 'nix-command flakes' develop