Add support for encrypted dot files; Add finicky configuration

README.md

@@ -6,6 +6,10 @@ I manage my dotfiles using [dotdrop](https://github.com/deadc0de6/dotdrop).
 
 ### Script
 
+> [!IMPORTANT]  
+> Copy ssh public/private key for age, to encrypt/decrypt files to `~/.ssh/identities/phg-age-dotfiles` and `~/.ssh/identities/phg-age-dotfiles.pub`
+> Otherwise empty files will be created instead.
+
 ```shell
 [[ ! $(command -v brew) ]] && /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" \
   ; eval "$(/opt/homebrew/bin/brew shellenv)" \
@@ -30,21 +34,28 @@ I manage my dotfiles using [dotdrop](https://github.com/deadc0de6/dotdrop).
 ### Manual
 
 1. Install [Homebrew](https://brew.sh/)
-2. Install `coreutils`, `fzf`, `libmagic`, `mas`, `uv` and `zsh` via Homebrew.  
+2. Install `age`, `coreutils`, `fzf`, `libmagic`, `mas`, `uv` and `zsh` via Homebrew.  
    ```shell
    brew bundle install --file=~/.files/bootstrap/Brewfile
    ```
 3. Install `drotdrop` via `uv` (`uv tool install --allow-python-downloads --python 3.11 dotdrop`).
-4. Clone dotfiles, install dependencies for dotdrop and install dotfiles.  
+4. Copy ssh public/private key for age, to encrypt/decrypt files to `~/.ssh/identities/phg-age-dotfiles` and `~/.ssh/identities/phg-age-dotfiles.pub`
+5. Clone dotfiles, install dependencies for dotdrop and install dotfiles.  
    ```shell
    git clone https://github.com/shokinn/.files ~/.files \
    && ~/.local/bin/dotdrop --cfg=~/.files/config.yaml install
    ```
-5. Install my default set of tools:  
+6. Install my default set of tools:  
    ```shell
    brew bundle install --file=~/.files/config/brew/Brewfile
    ```
 
+## Import new files
+
+```shell
+dotdrop import --transw=_encrypt --transr=_decrypt <file>
+```
+
 ## Backup/Restore settings for macOS native user preferences
 
 See here for a defaults documentation: <https://macos-defaults.com/>

bootstrap/Brewfile

@@ -1,3 +1,4 @@
+brew "age"
 brew "coreutils"
 brew "fzf"
 brew "libmagic"

config.yaml

@@ -2,6 +2,16 @@ config:
   backup: true
   create: true
   dotpath: dotfiles
+variables:
+  ageidentity: ${{HOME}}/.ssh/identities/phg-age-dotfiles
+  SHELL_ERR_MESSAGE: '\033[41;30m'
+  SHELL_RESET_COLOR: '\033[0m'
+trans_install:
+  _decrypt: |
+    [[ -f {{@@ ageidentity @@}} ]] && age --decrypt -i {{@@ ageidentity @@}} -o {1} {0} || ([[ ! -f {{@@ _dotfile_abs_dst @@}} ]] && (echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}, cannot decrypt {0}, creating empty file instead{{@@ SHELL_RESET_COLOR @@}}"; echo "" > {1}) || (echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}, cannot decrypt {0}{{@@ SHELL_RESET_COLOR @@}}"; cp {{@@ _dotfile_abs_dst @@}} {1}))
+trans_update:
+  _encrypt: |
+    [[ -f {{@@ ageidentity @@}}.pub ]] && cat {0} | age -R {{@@ ageidentity @@}}.pub > {1} || echo "{{@@ SHELL_ERR_MESSAGE @@}}Missing age identity file {{@@ ageidentity @@}}.pub, cannot encrypt {0}{{@@ SHELL_RESET_COLOR @@}}"
 actions:
   oh-my-zsh: |
     [[ ! -d ${{HOME}}/.oh-my-zsh ]] && sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" "" --unattended || echo "do nothing" >/dev/null
@@ -148,6 +158,11 @@ dotfiles:
   f_p10k_mise:
     dst: ~/.config/zsh/p10k.mise.zsh
     src: config/zsh/p10k.mise.zsh
+  f_finicky.js:
+    src: finicky.js
+    dst: ~/.finicky.js
+    trans_install: _decrypt
+    trans_update: _encrypt
 profiles:
   meta_base:
     variables:
@@ -161,7 +176,6 @@ profiles:
     - f_config
     - f_p10k_mise
     - f_powerlevel10krc
-    - f_rmquarantine
     - f_secretfiles
     - f_vimrc
     - f_zprofile
@@ -193,6 +207,7 @@ profiles:
     - meta_base
     dotfiles:
     - f_rmquarantine
+    - f_finicky.js
   os_ubuntu:
     variables:
       distro: ubuntu