.files/dotfiles/commonfunc


#! /bin/sed 2,5!d;s/^#.//
# This script must be sourced from within a shell
# and not executed. For instance with:
#
# . ~/.commonfunc
#
# {{@@ header() @@}}
#
# age encryption / decryption helpers
# based on https://git.sr.ht/~digital/secretFiles
if [[ $(command -v age) ]]; then
# get recipients for age file to encrypt with
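# Print the age recipient arguments that apply to one secret.
#
# Starting at the secret's own path and moving up one directory per round,
# every "<path>.recipients" entry adds recipients: a directory contributes one
# "-R <dir>/<entry>" pair per entry listed by ls, a regular file contributes
# itself. The master public key is always first.
#
# Arguments: $1 - path of the secret; the walk stops at the current directory
# Outputs:   one line on stdout, the arguments joined by single spaces
#
# Callers word-split that line again, so a path containing whitespace turns
# into several bogus arguments for age. Whatever is found on the way up decides
# who can decrypt the secret, so the *.recipients entries need the same write
# protection as the secrets themselves.
ageGetRecipientsList() {
  local target="${1}"
  local search="${target}"
  local parent
  local recipients=( "-R" "secrets/hostkeys/masterkey.pubkey" )
  local recip
  while true; do
    if test -d "${search}.recipients"; then
      # Read the listing line by line. Callers run with `set -f`, which is
      # inherited here and rules out a glob; a word-splitting `for` over the
      # ls output would cut entry names at every blank.
      while IFS= read -r recip; do
        if test -n "${recip}"; then
          recipients+=("-R" "${search}.recipients/${recip}")
        fi
      done < <(ls "${search}.recipients")
    elif test -f "${search}.recipients"; then
      recipients+=( "-R" "${search}.recipients")
    fi
    if test "$(realpath "${search}")" = "$(realpath "$(pwd)")"; then
      break
    fi
    parent=$(dirname "${search}")
    # dirname is a fixed point at "/" and ".": a target outside the current
    # directory never matches the test above, so stop here instead of
    # spinning forever.
    if test "${parent}" = "${search}"; then
      break
    fi
    search="${parent}"
  done
  echo "${recipients[@]}"
}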
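# Generate an age key pair for a host below secrets/hostkeys/.
#
# Arguments: $1 - host name, used as the file stem of both key files
# Outputs:   secrets/hostkeys/<name>.privkey  passphrase-encrypted, armored
#            secrets/hostkeys/<name>.pubkey   stderr of age-keygen with the
#                                             "Public key: " prefix removed
# Returns:   non-zero as soon as one step fails
#
# The private key goes from age-keygen straight into `age -p` through the
# pipe and is only written to disk in its encrypted form.
#
# The body is a subshell because this file is sourced into the caller's shell:
# with `set -e` active in that shell itself, the first failing command would
# end the whole session, and the closing `set +efu` would switch off options
# the caller may have enabled on purpose.
age-gen-key() (
  set -efu -o pipefail
  local keyname="${1}"
  mkdir -p "secrets/hostkeys/"
  echo "generating new keys for host ${keyname}"
  age-keygen \
    2> "secrets/hostkeys/${keyname}.pubkey" \
    | age -p --armor -e -o "secrets/hostkeys/${keyname}.privkey"
  sed -i 's/Public key: //' "secrets/hostkeys/${keyname}.pubkey"
)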
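# Encrypt the data arriving on stdin and store it as an armored age file.
#
# Arguments: $1 - path of the secret file to write
# Input:     the secret on stdin; trailing newlines are dropped by the
#            command substitution and NUL bytes cannot be held in a variable
# Returns:   non-zero as soon as one step fails
#
# The body is a subshell so that `set -e` cannot end the shell this file was
# sourced into and the caller's own shell options stay as they were.
age-import-secret() (
  local data
  data=$(</dev/stdin)
  set -euf -o pipefail
  local secret_path="${1}"
  local recipients_list
  recipients_list=$(ageGetRecipientsList "${secret_path}")
  local target_dir
  target_dir="$(dirname "${secret_path}")"
  mkdir -p "${target_dir}"
  # printf with a quoted argument keeps the secret byte for byte. An unquoted
  # `echo -n ${data}` collapses every run of blanks and newlines into one
  # space, which mangles multi-line secrets, and reads a leading -n or -e as
  # an option.
  # The sed pass is carried over unchanged; the unquoted substitution is what
  # splits the recipient list into separate arguments for age.
  printf '%s' "${data}" \
    | age $(sed -e "s/^\'//" -e "s/\'$//" <<<"${recipients_list}") --encrypt --armor --output "${secret_path}"
)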
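# Decrypt a secret into a private temp file, open it in $EDITOR and
# re-encrypt it for the current recipient list when the file was modified.
#
# Arguments: $1 - path of the secret (created if it does not exist yet)
# Globals:   MASTERKEY_FILE (read) - identity file; falls back to
#            secrets/hostkeys/masterkey.privkey, then to /dev/stdin
#            EDITOR (read)
# Returns:   0 also when decryption failed (the editor is skipped then);
#            non-zero when the editor or the re-encryption fails
#
# The body is a subshell: `set -e` cannot end the shell this file was sourced
# into, and umask and shell options of the caller are left alone.
#
# NOTE(review): the plaintext lives in /dev/shm while the editor is open.
# Editors that write swap or backup files next to the edited file would leave
# them behind there; this function only removes the temp file itself.
age-edit-file() (
  set -euf -o pipefail
  umask 177
  local secret_path="${1}"
  local tmp_path
  tmp_path="$(mktemp -p /dev/shm)"
  # Without the trap a failing editor or age run aborts under `set -e`
  # before the rm at the end, and the decrypted secret stays in /dev/shm.
  trap 'rm -f -- "${tmp_path}"' EXIT
  local recipients_list
  recipients_list=$(ageGetRecipientsList "${secret_path}")
  local identity
  if [[ -n "${MASTERKEY_FILE:-}" ]]; then
    identity="${MASTERKEY_FILE}"
  elif [[ -f "$(realpath "secrets/hostkeys/masterkey.privkey")" ]]; then
    identity="$(realpath "secrets/hostkeys/masterkey.privkey")"
  else
    identity="/dev/stdin"
  fi
  local decrypt_failed=
  if test -e "${secret_path}"; then
    # A failed decryption is recorded instead of aborting, so the temp file
    # is still cleaned up and the editor is simply not started.
    age \
      --decrypt \
      --identity "${identity}" \
      --output "${tmp_path}" \
      "${secret_path}" || decrypt_failed=true
  else
    # if file descriptor 0 is not a terminal, ie if /dev/stdin is a pipe
    if [ ! -t 0 ]; then
      cat "${identity}" > /dev/null
    fi
  fi
  if [[ -z "${decrypt_failed}" ]]; then
    local mod_time_before mod_time_after
    # %Y has one-second resolution: a change saved within the same second as
    # the decryption is not noticed.
    mod_time_before=$(stat --format "%Y" "${tmp_path}")
    ${EDITOR} "${tmp_path}"
    mod_time_after=$(stat --format "%Y" "${tmp_path}")
    if test "${mod_time_before}" != "${mod_time_after}"; then
      echo "change detected, reencrypting file" >&2
      # Unquoted on purpose: the list is one space-joined string.
      age ${recipients_list} --encrypt --armor --output "${secret_path}" "${tmp_path}"
    else
      echo "no change detected, not reencrypting file" >&2
    fi
  fi
  rm -f -- "${tmp_path}"
)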
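# Re-encrypt every armored age file below secrets/ for its current recipients.
#
# Arguments: $1 - identity file to decrypt with (default: /dev/stdin)
# Outputs:   progress on stdout, errors and the final SUCCESS on stderr
# Returns:   2 when a file cannot be decrypted, non-zero on any other failure;
#            files handled before the failure stay re-encrypted
#
# Files named *.recipients, everything below secrets/hostkeys/ and files
# without the age armor header are skipped.
#
# The body is a subshell: `exit` and `set -e` end only this function, not the
# shell the file was sourced into, and the caller's umask and options persist.
age-reencrypt-all() (
  set -euf -o pipefail
  umask 177
  local identity="${1:-/dev/stdin}"
  local identity_file plain_file
  # mktemp creates both files itself, owner-only. With `mktemp -u` only a
  # name is returned, and another local user could create that path in the
  # shared /dev/shm before the private key is written to it.
  identity_file="$(mktemp -p /dev/shm)"
  plain_file="$(mktemp -p /dev/shm)"
  # Key copy and plaintext must not survive an aborted run.
  trap 'rm -f -- "${identity_file}" "${plain_file}"' EXIT
  # make the identity file reuseable, in case it actually is /dev/stdin
  cat "${identity}" > "${identity_file}"
  find "secrets" -type f -not -name "*\.recipients" \
    | grep -v "^secrets/hostkeys/" \
    | while IFS= read -r line; do
        if ! grep -q "^-----BEGIN AGE ENCRYPTED FILE-----$" "${line}"; then
          echo "skipping unecrypted file '${line}'"
          continue
        fi
        local recipients
        recipients=$(ageGetRecipientsList "${line}")
        echo "reencrypting '${line}' for recipients ${recipients}"
        # The status of age is tested directly. `local content="$(age ...)"`
        # reports the status of `local`, so a failed decryption went
        # unnoticed and the secret was then re-encrypted from empty content.
        # Going through a file also keeps trailing newlines and binary data.
        if ! age --decrypt \
            --identity "${identity_file}" \
            --output "${plain_file}" \
            "${line}"; then
          echo "ERROR: failed decryption of '${line}'" >&2
          echo "aborting and leaving secrets store in an inconsistent state" >&2
          exit 2
        fi
        # Unquoted on purpose: the list is one space-joined string.
        age ${recipients} \
          --encrypt \
          --armor \
          --output "${line}" \
          "${plain_file}"
      done
  rm -f -- "${identity_file}" "${plain_file}"
  echo "SUCCESS" >&2
)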
fi
# eza - set aliases so that eza can be used as an ls replacement
if [[ $(command -v eza) ]]; then
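# Long-format eza listing with the fixed option set used by all l* helpers.
# Arguments: passed through to eza unchanged. "$@" keeps each argument intact;
#            the unquoted ${@:-} split paths at blanks and expanded globs.
ezafunc() {
  eza -l -F -g -h --git --group-directories-first --icons "$@"
}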
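# Tree listing. Arguments: $1 - depth for -L, the rest - paths/options.
# "$@" keeps paths with blanks in one piece.
lfunc() {
  ezafunc -T -L "$@"
}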
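# Tree listing including hidden entries (-a).
# Arguments: $1 - depth for -L, the rest - paths/options, passed on intact.
lafunc() {
  ezafunc -a -T -L "$@"
}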
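# Tree listing including hidden entries, with --extended appended after the
# caller's arguments.
# Arguments: $1 - depth for -L, the rest - paths/options, passed on intact.
lefunc() {
  ezafunc -a -T -L "$@" --extended
}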
# Short names for the tree listings: single letter = depth 1, doubled l =
# depth 2; the a/e suffix selects the hidden-files / extended variant.
alias \
  l='lfunc 1' \
  la='lafunc 1' \
  le='lefunc 1' \
  ll='lfunc 2' \
  lla='lafunc 2' \
  lle='lefunc 2'
fi
# wttr - show the weather forecast in Terminal
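# Arguments: $1 - optional location, or "help" for the usage text
# Outputs:   whatever wttr.in returns, written to the terminal by curl
#
# The request goes over HTTPS: the response is printed to the terminal
# unfiltered, so it should not travel over a connection that anyone on the
# network path can rewrite. The location is quoted so a name with blanks is
# handed to curl as a single URL; ${1:-} keeps the no-argument case working
# under `set -u`.
wttr() {
  if [ -z "${1:-}" ]; then
    curl https://wttr.in
  elif [[ "${1}" == "help" ]]; then
    cat << EOF
usage: wttr (City|3-letter airport code|'~Special+Location')
City:
Just write down the name of the city.
e.G.:
wttr London
3-letter airport code:
Use 3-letter airport codes in order to get the weather information at a certain airport.
e.G.:
wttr muc #for Munich Internation Airpot, Germany
Special Location:
Let's say you'd like to get the weather for a geographical location other than a town or city -
maybe an attraction in a city, a mountain name, or some special location.
Add the character '~' before the name to look up that special location name before the weather is then retrieved.
e.G.:
wttr '~Eiffel+Tower'
wttr '~Kilimanjaro'
EOF
  else
    curl "https://wttr.in/${1}"
  fi
}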
{%@@ if profile == 'WVDEWOBMC001307' @@%}
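# List listening sockets from `netstat -Watnlv` together with the name of the
# owning process, as an aligned table.
#
# Field 9 of the netstat output is used as the process id and looked up with
# ps. The field is only put on a command line when it consists of digits, so
# a differently laid out netstat line cannot end up as shell text. The name
# is reset for every line, otherwise a failed lookup would repeat the name of
# the previous process, and each ps pipe is closed after use.
macnst (){
  netstat -Watnlv | grep LISTEN | awk '
    {
      procname = ""
      if ($9 ~ /^[0-9]+$/) {
        cmd = "ps -o comm= -p " $9
        cmd | getline procname
        close(cmd)
      }
      colred = "\033[01;31m"
      colclr = "\033[0m"
      print colred "proto: " colclr $1 colred " | addr.port: " colclr $4 colred " | pid: " colclr $9 colred " | name: " colclr procname
    }' | column -t -s "|"
}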
# Export the proxy settings for the local proxy on 127.0.0.1:9000.
#
# Sets HTTP(S)_PROXY and NO_PROXY in both spellings and points git's ssh
# transport at the same proxy through corkscrew. Every program started from
# this shell afterwards inherits these variables.
function setProxyEnv(){
  local RESET='\033[0;0m'
  local HIGHLIGHT='\033[36;1m'
  local PROXY='127.0.0.1:9000'
  local NO_PROXY_CFG="127.0.0.1,localhost,vw.vwg"
  local name

  # Tools disagree on the spelling, so both cases are exported.
  for name in NO_PROXY no_proxy; do
    export "${name}=${NO_PROXY_CFG}"
  done
  for name in HTTP_PROXY HTTPS_PROXY http_proxy https_proxy; do
    export "${name}=${PROXY}"
  done

  export GIT_SSH_COMMAND='ssh -o ProxyCommand="/opt/homebrew/bin/corkscrew localhost 9000 %h %p"'
  echo -e "\n✈ exported zscaler proxy: ${HIGHLIGHT}http://${PROXY}${RESET}"
}
# Remove every variable that setProxyEnv exports, so that programs started
# afterwards connect without the proxy again.
function unsetProxyEnv(){
  unset NO_PROXY no_proxy \
    HTTP_PROXY HTTPS_PROXY \
    http_proxy https_proxy \
    GIT_SSH_COMMAND
  echo -e "\n🔄 removed zscaler proxy cofiguration"
}
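# Add a git remote named "vpn" that reaches the origin repository through
# ssh://git@vpn.github.com:443.
#
# Outputs: the remote name and URL on stdout
# Returns: 1 when the repository has no remote.origin.url
#
# The origin URL is read into a variable first: the nested form
# ${$(cmd)#pattern} is zsh-only and is a "bad substitution" in bash, while
# this form works in both. Only an origin of the form git@github.com:<path>
# is rewritten; any other URL is appended to the new prefix as it is.
function setVpnGitRemote(){
  local ORIGIN=vpn #e.g.
  local HIGHLIGHT='\033[36;1m'
  local RESET='\033[0;0m'
  local origin_url
  origin_url="$(git config remote.origin.url)"
  if [[ -z "${origin_url}" ]]; then
    echo "setVpnGitRemote: no remote.origin.url configured" >&2
    return 1
  fi
  local repo="ssh://git@vpn.github.com:443/${origin_url#*git@github.com:}"
  # Errors are discarded on purpose: the remote may already exist.
  git remote add "${ORIGIN}" "${repo}" 2> /dev/null
  echo -e "🔗 git remote (${HIGHLIGHT}${ORIGIN}${RESET}): ${HIGHLIGHT}${repo}${RESET}\n"
}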
{%@@ endif @@%}