phg/.files
0
0
Fork 0
mirror of https://github.com/shokinn/.files.git synced 2025-10-14 02:08:31 +00:00
Code Issues Projects Releases Packages Wiki Activity

Reencrypt encrypted files with new age key; add commands to edit encrypted files and reencrypt them directly when changed

Browse source
This commit is contained in:
Philip Henning 2025-10-05 11:31:13 +02:00
parent cc6e8bf1c9
commit 70b81bd736
6 changed files with 43 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

30
README.md
View file

@ -7,7 +7,7 @@ I manage my dotfiles using [dotdrop](https://github.com/deadc0de6/dotdrop).
### Script ### Script
> [!IMPORTANT] > [!IMPORTANT]
> Copy ssh public/private key for age, to encrypt/decrypt files to `~/.ssh/identities/phg-age-dotfiles` and `~/.ssh/identities/phg-age-dotfiles.pub` > Copy ssh public/private key for age, to encrypt/decrypt files to `~/.age/phg-age-dotfiles` and `~/.age/phg-age-dotfiles.pub`
> Otherwise empty files will be created instead. > Otherwise empty files will be created instead.
```shell ```shell
@ -39,7 +39,7 @@ I manage my dotfiles using [dotdrop](https://github.com/deadc0de6/dotdrop).
brew bundle install --file=~/.files/bootstrap/Brewfile brew bundle install --file=~/.files/bootstrap/Brewfile
``` ```
3. Install `drotdrop` via `uv` (`uv tool install --allow-python-downloads --python 3.11 dotdrop`). 3. Install `drotdrop` via `uv` (`uv tool install --allow-python-downloads --python 3.11 dotdrop`).
4. Copy ssh public/private key for age, to encrypt/decrypt files to `~/.ssh/identities/phg-age-dotfiles` and `~/.ssh/identities/phg-age-dotfiles.pub` 4. Copy ssh public/private key for age, to encrypt/decrypt files to `~/.age/phg-age-dotfiles` and `~/.age/phg-age-dotfiles.pub`
5. Clone dotfiles, install dependencies for dotdrop and install dotfiles. 5. Clone dotfiles, install dependencies for dotdrop and install dotfiles.
```shell ```shell
git clone https://github.com/shokinn/.files ~/.files \ git clone https://github.com/shokinn/.files ~/.files \
@ -63,19 +63,39 @@ Installs/updates will now be automatically decrypted/encrypted.
### Decrypt a dotfile manually ### Decrypt a dotfile manually
```shell ```shell
age --decrypt -i ~/.ssh/identities/phg-age-dotfiles -o <ouput paht for decrypted file> <path to encrypted file> age --decrypt -i ~/.age/phg-age-dotfiles -o <ouput paht for decrypted file> <path to encrypted file>
``` ```
### Encrypt a dotfile manually ### Encrypt a dotfile manually
```shell ```shell
cat <path to plain file> | age -R ~/.ssh/identities/phg-age-dotfiles.pub > <path to encrypted file> cat <path to plain file> | age -a -R ~/.age/phg-age-dotfiles.pub > <path to encrypted file>
``` ```
### Edit an encrypted dotfile ### Edit an encrypted dotfile
TBD 1. Install [age-edit](https://github.com/dbohdan/age-edit)
#### Manual command
**Default editor:**
```shell
age-edit -t /tmp/ -M -a ~/.age/phg-age-dotfiles <path to file to edit>
```
**VS Code as editor:**
```shell
age-edit -e "${HOME}/.local/bin/codew" -t /tmp/ -M -a ~/.age/phg-age-dotfiles <path to file to edit>
```
#### Aliases for file editing
- `ade` uses the default editor
- `cade` uses vs code for editing the file
Both aliases are configured via my `.zshrc`.
## Backup/Restore settings for macOS native user preferences ## Backup/Restore settings for macOS native user preferences

13
config.yaml
View file

@ -3,15 +3,15 @@ config:
create: true create: true
dotpath: dotfiles dotpath: dotfiles
variables: variables:
ageidentity: ${{HOME}}/.ssh/identities/phg-age-dotfiles ageidentity: ${{HOME}}/.age/phg-age-dotfiles
SHELL_ERR_MESSAGE: '\033[41;30m' SHELL_ERR_MESSAGE: \033[41;30m
SHELL_RESET_COLOR: '\033[0m' SHELL_RESET_COLOR: \033[0m
trans_install: trans_install:
_decrypt: | _decrypt: |
[[ -f {{@@ ageidentity @@}} ]] && age --decrypt -i {{@@ ageidentity @@}} -o {1} {0} || ([[ ! -f {{@@ _dotfile_abs_dst @@}} ]] && (echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}, cannot decrypt {0}, creating empty file instead{{@@ SHELL_RESET_COLOR @@}}"; echo "" > {1}) || (echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}, cannot decrypt {0}{{@@ SHELL_RESET_COLOR @@}}"; cp {{@@ _dotfile_abs_dst @@}} {1})) [[ -f {{@@ ageidentity @@}} ]] && age --decrypt -i {{@@ ageidentity @@}} -o {1} {0} || ([[ ! -f {{@@ _dotfile_abs_dst @@}} ]] && (echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}, cannot decrypt {0}, creating empty file instead{{@@ SHELL_RESET_COLOR @@}}"; echo "" > {1}) || (echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}, cannot decrypt {0}{{@@ SHELL_RESET_COLOR @@}}"; cp {{@@ _dotfile_abs_dst @@}} {1}))
trans_update: trans_update:
_encrypt: | _encrypt: |
[[ -f {{@@ ageidentity @@}}.pub ]] && cat {0} | age -R {{@@ ageidentity @@}}.pub > {1} || echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}.pub, cannot encrypt {0}{{@@ SHELL_RESET_COLOR @@}}" [[ -f {{@@ ageidentity @@}}.pub ]] && cat {0} | age -a -R {{@@ ageidentity @@}}.pub > {1} || echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}.pub, cannot encrypt {0}{{@@ SHELL_RESET_COLOR @@}}"
actions: actions:
oh-my-zsh: | oh-my-zsh: |
[[ ! -d ${{HOME}}/.oh-my-zsh ]] && sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" "" --unattended || echo "do nothing" >/dev/null [[ ! -d ${{HOME}}/.oh-my-zsh ]] && sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" "" --unattended || echo "do nothing" >/dev/null
@ -163,6 +163,10 @@ dotfiles:
dst: ~/.finicky.js dst: ~/.finicky.js
trans_install: _decrypt trans_install: _decrypt
trans_update: _encrypt trans_update: _encrypt
f_codew:
src: local/bin/codew
dst: ~/.local/bin/codew
chmod: '700'
profiles: profiles:
meta_base: meta_base:
variables: variables:
@ -172,6 +176,7 @@ profiles:
dotfiles: dotfiles:
- d_colors - d_colors
- f_agenix_helper - f_agenix_helper
- f_codew
- f_commonfunc - f_commonfunc
- f_config - f_config
- f_p10k_mise - f_p10k_mise

BIN
config/Firefox/sidebery-data-2025.10.02-18.02.01.json.age
View file

Binary file not shown.

BIN
dotfiles/finicky.js
View file

Binary file not shown.

7
dotfiles/local/bin/codew Executable file
View file

@ -0,0 +1,7 @@
#!/usr/bin/env zsh
#
# {{@@ header() @@}}
#
code -w ${@}

2
dotfiles/zshrc
View file

@ -184,6 +184,8 @@ alias agenix='RULES='\''./secrets/secrets.nix'\'' agenix'
alias agenix-edit="agenix -i {{@@ env['HOME'] @@}}/.ssh/identities/agenix-phg -e" alias agenix-edit="agenix -i {{@@ env['HOME'] @@}}/.ssh/identities/agenix-phg -e"
alias ane='agenix-edit' alias ane='agenix-edit'
alias cane="EDITOR='code -w' agenix-edit" alias cane="EDITOR='code -w' agenix-edit"
alias ade='age-edit -t /tmp/ -M -a {{@@ env['HOME'] @@}}/.age/phg-age-dotfiles'
alias cade='age-edit -e "${HOME}/.local/bin/codew" -t /tmp/ -M -a {{@@ env['HOME'] @@}}/.age/phg-age-dotfiles'
alias du="duf" alias du="duf"
alias ssh-no-check="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" alias ssh-no-check="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
alias ssh-strongbox-keys="SSH_AUTH_SOCK=~/Library/Group\ Containers/group.strongbox.mac.mcguill/agent.sock ssh-add -l" alias ssh-strongbox-keys="SSH_AUTH_SOCK=~/Library/Group\ Containers/group.strongbox.mac.mcguill/agent.sock ssh-add -l"