.files/dotfiles/commonfunc

#! /bin/sed 2,5!d;s/^#.//
# This script must be sourced from within a shell
# and not executed. For instance with:
# 
#   . ~/.commonfunc

#
# {{@@ header() @@}}
#

# age encryption / decryption helpers
# based on https://git.sr.ht/~digital/secretFiles
if [[ $(command -v age) ]]; then
  # get recipients for age file to encrypt with
  ageGetRecipientsList() {
    local target="${1}"
    local search="${target}"
    local recipients=( "-R" "secrets/hostkeys/masterkey.pubkey" )
    local recip
    while true; do
      if test -d "${search}.recipients"; then
        for recip in $(ls ${search}.recipients) ; do
          if test -n "${recip}"; then
            recipients+=("-R" "${search}.recipients/${recip}")
          fi
        done
      elif test -f "${search}.recipients"; then
        recipients+=( "-R" "${search}.recipients")
      fi
      if test "$(realpath ${search})" = "$(realpath $(pwd))"; then
        break
      fi
      search=$(dirname "${search}")
    done
    echo "${recipients[@]}"
  }

  age-gen-key() {
    set -efu -o pipefail

    local keyname="${1}"

    mkdir -p "secrets/hostkeys/"
    echo "generating new keys for host ${keyname}";
    age-keygen \
      2> "secrets/hostkeys/${keyname}.pubkey" \
      | age -p --armor -e -o "secrets/hostkeys/${keyname}.privkey"
    sed -i 's/Public key: //' "secrets/hostkeys/${keyname}.pubkey"

    set +efu +o pipefail
  }

  age-import-secret() {
    local data=$(</dev/stdin);
    set -euf -o pipefail

    local secret_path="${1}"
    local recipients_list=$(ageGetRecipientsList "${secret_path}")
    local dirname="$(dirname ${secret_path})"
    local identity="${MASTERKEY_FILE:-secrets/hostkeys/masterkey.privkey}"

    mkdir -p "${dirname}"

    echo -n ${data} | age $(sed -e "s/^\'//" -e "s/\'$//" <<<"${recipients_list[@]}") --encrypt --armor --output "${secret_path}"

    set +efu +o pipefail
  }

  age-edit-file() {
    set -euf -o pipefail
    local current_umask=$(umask)
    umask 177

    local secret_path="${1}"
    local tmp_path="$(mktemp -p /dev/shm)"
    local recipients_list=$(ageGetRecipientsList "${secret_path}")
    local identity="${MASTERKEY_FILE:-$([[ -f "$(realpath "secrets/hostkeys/masterkey.privkey")" ]] && echo -n "$(realpath "secrets/hostkeys/masterkey.privkey")" || echo -n "/dev/stdin")}"
    # [[ -f "$(realpath "secrets/hostkeys/masterkey.privkey")" ]] && local identity="$(realpath "secrets/hostkeys/masterkey.privkey")" || 

    if test -e "${secret_path}"; then
      set +e +o pipefail

      age \
        --decrypt \
        --identity "${identity}" \
        --output "${tmp_path}" \
        "${secret_path}" || local decrypt_failed=true
      
      set -e -o pipefail
    else
      # if file descriptor 0 is not a terminal, ie if /dev/stdin is a pipe
      if [ ! -t 0 ]; then
        cat "${identity}" > /dev/null
      fi
    fi

    if [[ ! ${decrypt_failed:-} ]]; then
      local mod_time_before=$(stat --format "%Y" "${tmp_path}")
      ${EDITOR} "${tmp_path}"
      local mod_time_after=$(stat --format "%Y" "${tmp_path}")

      if test "${mod_time_before}" != "${mod_time_after}"; then
        echo "change detected, reencrypting file" > /dev/stderr
        age ${recipients_list[@]} --encrypt --armor --output "${secret_path}" "${tmp_path}"
      else
        echo "no change detected, not reencrypting file" > /dev/stderr
      fi
    fi

    rm "${tmp_path}"

    umask ${current_umask}
    set +efu +o pipefail
  }

  age-reencrypt-all() {
    set -euf -o pipefail
    local current_umask=$(umask)
    umask 177

    local identity="${1:-/dev/stdin}"
    local identity_file="$(mktemp -u -p /dev/shm)"

    # make the identity file reuseable, in case it actually is /dev/stdin
    umask 177
    cat "${identity}" > "${identity_file}"

    find "secrets" -type f -not -name "*\.recipients" \
        | grep -v "^secrets/hostkeys/"| while read line; do
        if ! grep -q "^-----BEGIN AGE ENCRYPTED FILE-----$" "${line}"; then
            echo "skipping unecrypted file '${line}'"
            continue
        fi
        local recipients=$(ageGetRecipientsList "${line}")
        echo "reencrypting '${line}' for recipients ${recipients[@]}"
        local content="$(age --decrypt \
            --identity "${identity_file}" \
            "${line}" \
        )" || {
            echo "ERROR: failed decryption of '${line}'" > /dev/stderr
            echo "aborting and leaving secrets store in an inconsistent state" > /dev/stderr
            exit 2
        }
        if test $? -eq 0 ; then
            echo -n "${content}" \
                | age ${recipients[@]} \
                --encrypt \
                --armor \
                --output "${line}"
        fi
    done

    rm "${identity_file}"

    umask ${current_umask}
    set +efu +o pipefail

    echo "SUCCESS" > /dev/stderr
  }
fi

# eza - set aliasses for eza to use it as ls replacement
if [[ $(command -v eza) ]]; then
  ezafunc() {
    eza -l -F -g -h --git --group-directories-first --icons ${@:-}
  }
  lfunc() {
    ezafunc -T -L ${@:-}
  }
  lafunc() {
    ezafunc -a -T -L ${@:-}
  }
  lefunc() {
    ezafunc -a -T -L ${@:-} --extended
  }
  alias l='lfunc 1'
  alias la='lafunc 1'
  alias le='lefunc 1'
  alias ll='lfunc 2'
  alias lla='lafunc 2'
  alias lle='lefunc 2'
fi

# wttr - show the weather forecast in Terminal
wttr() {
    if [ -z "${1}" ]; then
        curl http://wttr.in
    elif [[ "${1}" == "help" ]]; then
        cat << EOF
usage: wttr (City|3-letter airport code|'~Special+Location')
  City:
    Just write down the name of the city.
    e.G.:
      wttr London
  3-letter airport code:
    Use 3-letter airport codes in order to get the weather information at a certain airport.
    e.G.:
      wttr muc #for Munich Internation Airpot, Germany
  Special Location:
    Let's say you'd like to get the weather for a geographical location other than a town or city -
    maybe an attraction in a city, a mountain name, or some special location.
    Add the character '~' before the name to look up that special location name before the weather is then retrieved.
    e.G.:
      wttr '~Eiffel+Tower'
      wttr '~Kilimanjaro'
EOF
    else
        curl http://wttr.in/${1}
    fi
}

{%@@ if profile == 'WVDEWOBMC001307' @@%}
macnst (){
  netstat -Watnlv | grep LISTEN | awk '{"ps -o comm= -p " $9 | getline procname;colred="\033[01;31m";colclr="\033[0m"; print colred "proto: " colclr $1 colred " | addr.port: " colclr $4 colred " | pid: " colclr $9 colred " | name: " colclr procname;  }' | column -t -s "|"
}

function setProxyEnv(){
  local HIGHLIGHT='\033[36;1m'
  local RESET='\033[0;0m'

  local PROXY='127.0.0.1:9000'
  local PROXY_CFG_HTTP="${PROXY}"
  local PROXY_CFG_HTTPS="${PROXY}"
  local NO_PROXY_CFG="127.0.0.1,localhost,vw.vwg"
  
  export NO_PROXY="${NO_PROXY_CFG}"
  export no_proxy="${NO_PROXY_CFG}"
  export HTTP_PROXY="${PROXY_CFG_HTTP}"
  export HTTPS_PROXY="${PROXY_CFG_HTTPS}"
  export http_proxy="${PROXY_CFG_HTTP}"
  export https_proxy="${PROXY_CFG_HTTPS}"
  export GIT_SSH_COMMAND='ssh -o ProxyCommand="/opt/homebrew/bin/corkscrew localhost 9000 %h %p"'

  echo -e "\n✈️  exported zscaler proxy: ${HIGHLIGHT}http://${PROXY}${RESET}"
}

function unsetProxyEnv(){
  unset NO_PROXY
  unset HTTP_PROXY
  unset HTTPS_PROXY
  unset no_proxy
  unset http_proxy
  unset https_proxy
  unset GIT_SSH_COMMAND

  echo -e "\n🔄 removed zscaler proxy cofiguration"
}

function setVpnGitRemote(){
  local ORIGIN=vpn #e.g.
  local HIGHLIGHT='\033[36;1m'
  local RESET='\033[0;0m'

  local repo="ssh://git@vpn.github.com:443/${$(git config remote.origin.url)#*git@github.com:}"
  git remote add ${ORIGIN} "${repo}" 2> /dev/null

  echo -e "🔗 git remote (${HIGHLIGHT}${ORIGIN}${RESET}): ${HIGHLIGHT}${repo}${RESET}\n"
}
{%@@ endif @@%}