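#! /bin/sed 2,5!d;s/^#.//
# This script must be sourced from within a shell
# and not executed. For instance with:
#
#   . ~/.commonfunc
#
# {{@@ header() @@}}
#

# age encryption / decryption helpers
# based on https://git.sr.ht/~digital/secretFiles
#
# Every helper below is defined with a subshell body "( ... )" instead of
# "{ ... }". The strict options (set -e/-f/-u, pipefail), the umask and the
# EXIT trap therefore stay inside the helper: a failing command returns a
# non-zero status to the caller instead of terminating the shell that sourced
# this file, and the caller's own shell options are left untouched.
if command -v age > /dev/null 2>&1; then

  #######################################
  # Print the age recipient arguments ("-R <file>" pairs) for a secret.
  # Always starts with the master public key, then walks from the target up
  # through its parent directories and adds every "<path>.recipients" file,
  # or every entry of a "<path>.recipients" directory.
  # Arguments: $1 - path of the secret (relative to the current directory)
  # Outputs:   one space-separated line on stdout; callers word-split it, so
  #            recipient paths must not contain whitespace
  # NOTE(review): whoever can add a *.recipients entry in this tree gains
  # read access to the secrets below it on the next (re)encryption, so
  # changes to those files deserve the same review as the secrets.
  #######################################
  ageGetRecipientsList() (
    # Callers run with noglob (set -f); the directory listing needs globbing.
    set +f
    local search="${1}"
    local recipients=("-R" "secrets/hostkeys/masterkey.pubkey")
    local recip parent cwd
    cwd="$(realpath "$(pwd)")"

    while true; do
      if test -d "${search}.recipients"; then
        # Glob instead of parsing ls output; an empty directory leaves the
        # literal pattern behind, which the -e test filters out.
        for recip in "${search}.recipients"/*; do
          if test -e "${recip}"; then
            recipients+=("-R" "${recip}")
          fi
        done
      elif test -f "${search}.recipients"; then
        recipients+=("-R" "${search}.recipients")
      fi

      if test "$(realpath "${search}")" = "${cwd}"; then
        break
      fi

      # Stop once dirname no longer changes the path (reached "/" or "."):
      # without this a target outside the current directory loops forever.
      parent="$(dirname "${search}")"
      if test "${parent}" = "${search}"; then
        break
      fi
      search="${parent}"
    done

    echo "${recipients[@]}"
  )

  #######################################
  # Generate a host key pair below secrets/hostkeys/.
  # The private key is piped straight into a passphrase-encrypted, armored
  # age file; age-keygen's stderr output is stored as the public key file and
  # the "Public key: " prefix is stripped from it afterwards.
  # Arguments: $1 - key name (used as the file name stem)
  #######################################
  age-gen-key() (
    set -efu -o pipefail
    local keyname="${1}"

    mkdir -p "secrets/hostkeys/"
    echo "generating new keys for host ${keyname}"
    age-keygen 2> "secrets/hostkeys/${keyname}.pubkey" \
      | age -p --armor -e -o "secrets/hostkeys/${keyname}.privkey"
    sed -i 's/Public key: //' "secrets/hostkeys/${keyname}.pubkey"
  )

  #######################################
  # Encrypt plaintext read from stdin into a new armored secret file.
  # Arguments: $1 - destination path of the encrypted secret
  #######################################
  age-import-secret() (
    set -euf -o pipefail
    local secret_path="${1}"
    local recipients_list
    recipients_list="$(ageGetRecipientsList "${secret_path}")"

    mkdir -p "$(dirname "${secret_path}")"
    # Word splitting of the recipient list is intentional (noglob is set).
    # shellcheck disable=SC2086
    age ${recipients_list} --encrypt --armor --output "${secret_path}"
  )

  #######################################
  # Decrypt a secret into a private temp file, open it in $EDITOR and
  # re-encrypt it when the file was modified.
  # Globals:   MASTERKEY_FILE (read, optional identity), EDITOR (read)
  # Arguments: $1 - path of the encrypted secret (may not exist yet)
  # Returns:   non-zero when decryption, the editor or encryption fails
  #######################################
  age-edit-file() (
    set -euf -o pipefail
    # Files created from here on are readable by the owner only.
    umask 177
    local secret_path="${1}"
    local recipients_list tmp_path mod_time_before mod_time_after

    # Identity: MASTERKEY_FILE, else the local master key, else stdin.
    local identity="${MASTERKEY_FILE:-}"
    if [[ -z "${identity}" ]]; then
      if [[ -f "secrets/hostkeys/masterkey.privkey" ]]; then
        identity="$(realpath "secrets/hostkeys/masterkey.privkey")"
      else
        identity="/dev/stdin"
      fi
    fi

    recipients_list="$(ageGetRecipientsList "${secret_path}")"

    # The plaintext lives in /dev/shm and is removed when the subshell exits,
    # including aborts caused by set -e (failed decrypt, editor or encrypt).
    # The path is expanded now on purpose.
    # NOTE(review): editors may write swap or backup files next to this
    # file; those are not covered by the cleanup - confirm editor settings.
    tmp_path="$(mktemp -p /dev/shm)"
    # shellcheck disable=SC2064
    trap "rm -f -- '${tmp_path}'" EXIT

    if test -e "${secret_path}"; then
      if ! age --decrypt --identity "${identity}" \
        --output "${tmp_path}" "${secret_path}"; then
        exit 1
      fi
    elif [ ! -t 0 ]; then
      # stdin is not a terminal (e.g. /dev/stdin is a pipe): read the
      # identity once and discard it.
      cat "${identity}" > /dev/null
    fi

    # %Y is the mtime in whole seconds, so an edit saved within the same
    # second as the decryption is not detected.
    mod_time_before="$(stat --format "%Y" "${tmp_path}")"
    # Unquoted so that EDITOR may carry arguments; the :? guard stops an
    # empty EDITOR from turning the temp file path into the command name.
    ${EDITOR:?EDITOR must be set} "${tmp_path}"
    mod_time_after="$(stat --format "%Y" "${tmp_path}")"

    if test "${mod_time_before}" != "${mod_time_after}"; then
      echo "change detected, reencrypting file" >&2
      # shellcheck disable=SC2086
      age ${recipients_list} --encrypt --armor \
        --output "${secret_path}" "${tmp_path}"
    else
      echo "no change detected, not reencrypting file" >&2
    fi
  )

  #######################################
  # Re-encrypt every armored age file below secrets/ (except
  # secrets/hostkeys/ and *.recipients files) for its current recipients.
  # Arguments: $1 - identity file (default: /dev/stdin)
  # Returns:   2 when a secret cannot be decrypted, non-zero on other errors
  #######################################
  age-reencrypt-all() (
    set -euf -o pipefail
    umask 177
    local identity="${1:-/dev/stdin}"
    local identity_file plain_file line recipients

    # mktemp creates the files itself (no -u): with -u only a name is
    # generated, and another local user could create that path in the
    # world-writable /dev/shm before the identity is written to it.
    identity_file="$(mktemp -p /dev/shm)"
    # shellcheck disable=SC2064
    trap "rm -f -- '${identity_file}'" EXIT
    plain_file="$(mktemp -p /dev/shm)"
    # shellcheck disable=SC2064
    trap "rm -f -- '${identity_file}' '${plain_file}'" EXIT

    # Make the identity reusable, in case it actually is /dev/stdin.
    cat "${identity}" > "${identity_file}"

    # -path replaces the former grep -v stage, which made the pipeline fail
    # under pipefail whenever it filtered out every line.
    find "secrets" -type f -not -name "*\.recipients" \
      -not -path "secrets/hostkeys/*" \
      | while IFS= read -r line; do
        if ! grep -q "^-----BEGIN AGE ENCRYPTED FILE-----$" "${line}"; then
          echo "skipping unecrypted file '${line}'"
          continue
        fi

        recipients="$(ageGetRecipientsList "${line}")"
        echo "reencrypting '${line}' for recipients ${recipients}"

        # Decrypt to a file and test age's own exit status. Capturing the
        # plaintext with local var="$(...)" hid a failed decryption (the
        # secret was then overwritten with an encrypted empty string) and
        # dropped trailing newlines from the plaintext.
        if ! age --decrypt --identity "${identity_file}" \
          --output "${plain_file}" "${line}"; then
          echo "ERROR: failed decryption of '${line}'" >&2
          echo "aborting and leaving secrets store in an inconsistent state" >&2
          exit 2
        fi

        # shellcheck disable=SC2086
        age ${recipients} --encrypt --armor \
          --output "${line}" "${plain_file}"
        # Do not keep the previous plaintext around between iterations.
        : > "${plain_file}"
      done

    echo "SUCCESS" >&2
  )
fi

# eza - set aliases for eza to use it as ls replacement
if command -v eza > /dev/null 2>&1; then
  # "$@" keeps arguments containing spaces intact and expands to nothing
  # when no argument is given.
  ezafunc() {
    eza -l -F -g -h --git --group-directories-first --icons "$@"
  }
  # Tree views; the first argument is the depth passed to -L.
  lfunc() {
    ezafunc -T -L "$@"
  }
  lafunc() {
    ezafunc -a -T -L "$@"
  }
  lefunc() {
    ezafunc -a -T -L "$@" --extended
  }
  alias l='lfunc 1'
  alias la='lafunc 1'
  alias le='lefunc 1'
  alias ll='lfunc 2'
  alias lla='lafunc 2'
  alias lle='lefunc 2'
fi

# wttr - show the weather forecast in Terminal
# Arguments: $1 - optional location, or "help" for the usage text
# The request goes over HTTPS so the queried location is not sent in clear
# text and the response printed to the terminal cannot be altered in transit.
wttr() {
  if [ -z "${1:-}" ]; then
    curl https://wttr.in
  elif [[ "${1}" == "help" ]]; then
    cat << 'EOF'
usage: wttr (City|3-letter airport code|'~Special+Location')

City:
    Just write down the name of the city.
    e.G.: wttr London

3-letter airport code:
    Use 3-letter airport codes in order to get the weather information at a certain airport.
    e.G.: wttr muc #for Munich Internation Airpot, Germany

Special Location:
    Let's say you'd like to get the weather for a geographical location other than a town or city -
    maybe an attraction in a city, a mountain name, or some special location.
    Add the character '~' before the name to look up that special location name
    before the weather is then retrieved.
    e.G.: wttr '~Eiffel+Tower'
          wttr '~Kilimanjaro'
EOF
  else
    curl "https://wttr.in/${1}"
  fi
}

{%@@ if profile == 'WVDEWOBMC001307' @@%}
# List listening TCP sockets together with the owning process name.
macnst() {
  netstat -Watnlv \
    | grep LISTEN \
    | awk '{"ps -o comm= -p " $9 | getline procname;colred="\033[01;31m";colclr="\033[0m"; print colred "proto: " colclr $1 colred " | addr.port: " colclr $4 colred " | pid: " colclr $9 colred " | name: " colclr procname; }' \
    | column -t -s "|"
}

# Export the local proxy (127.0.0.1:9000) for HTTP(S) clients and route git
# over SSH through corkscrew. The variables are inherited by every process
# started from this shell afterwards.
function setProxyEnv() {
  local HIGHLIGHT='\033[36;1m'
  local RESET='\033[0;0m'
  local PROXY='127.0.0.1:9000'
  local PROXY_CFG_HTTP="${PROXY}"
  local PROXY_CFG_HTTPS="${PROXY}"
  local NO_PROXY_CFG="127.0.0.1,localhost,vw.vwg"

  export NO_PROXY="${NO_PROXY_CFG}"
  export no_proxy="${NO_PROXY_CFG}"
  export HTTP_PROXY="${PROXY_CFG_HTTP}"
  export HTTPS_PROXY="${PROXY_CFG_HTTPS}"
  export http_proxy="${PROXY_CFG_HTTP}"
  export https_proxy="${PROXY_CFG_HTTPS}"
  export GIT_SSH_COMMAND='ssh -o ProxyCommand="/opt/homebrew/bin/corkscrew localhost 9000 %h %p"'

  echo -e "\n✈️ exported zscaler proxy: ${HIGHLIGHT}http://${PROXY}${RESET}"
}

# Remove every variable exported by setProxyEnv.
function unsetProxyEnv() {
  unset NO_PROXY
  unset HTTP_PROXY
  unset HTTPS_PROXY
  unset no_proxy
  unset http_proxy
  unset https_proxy
  unset GIT_SSH_COMMAND

  echo -e "\n🔄 removed zscaler proxy cofiguration"
}

# Add a second remote that reaches the origin repository through
# vpn.github.com:443. An already existing remote is silently kept.
function setVpnGitRemote() {
  local ORIGIN=vpn #e.g.
  local HIGHLIGHT='\033[36;1m'
  local RESET='\033[0;0m'
  local origin_url repo

  # Two steps instead of the nested ${$(...)#...} form, which is zsh-only
  # syntax and fails in bash with "bad substitution".
  origin_url="$(git config remote.origin.url)" || return
  repo="ssh://git@vpn.github.com:443/${origin_url#*git@github.com:}"

  git remote add "${ORIGIN}" "${repo}" 2> /dev/null
  echo -e "🔗 git remote (${HIGHLIGHT}${ORIGIN}${RESET}): ${HIGHLIGHT}${repo}${RESET}\n"
}
{%@@ endif @@%}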