mirror of
https://github.com/shokinn/.files.git
synced 2025-11-04 12:38:10 +00:00
258 lines
No EOL
7.5 KiB
Sed
258 lines
No EOL
7.5 KiB
Sed
#! /bin/sed 2,5!d;s/^#.//
|
||
# This script must be sourced from within a shell
|
||
# and not executed. For instance with:
|
||
#
|
||
# . ~/.commonfunc
|
||
|
||
#
|
||
# {{@@ header() @@}}
|
||
#
|
||
|
||
# age encryption / decryption helpers
|
||
# based on https://git.sr.ht/~digital/secretFiles
|
||
if [[ $(command -v age) ]]; then
|
||
# get recipients for age file to encrypt with
|
||
ageGetRecipientsList() {
|
||
local target="${1}"
|
||
local search="${target}"
|
||
local recipients=( "-R" "secrets/hostkeys/masterkey.pubkey" )
|
||
local recip
|
||
while true; do
|
||
if test -d "${search}.recipients"; then
|
||
for recip in $(ls ${search}.recipients) ; do
|
||
if test -n "${recip}"; then
|
||
recipients+=("-R" "${search}.recipients/${recip}")
|
||
fi
|
||
done
|
||
elif test -f "${search}.recipients"; then
|
||
recipients+=( "-R" "${search}.recipients")
|
||
fi
|
||
if test "$(realpath ${search})" = "$(realpath $(pwd))"; then
|
||
break
|
||
fi
|
||
search=$(dirname "${search}")
|
||
done
|
||
echo "${recipients[@]}"
|
||
}
|
||
|
||
age-gen-key() {
|
||
set -efu -o pipefail
|
||
|
||
local keyname="${1}"
|
||
|
||
mkdir -p "secrets/hostkeys/"
|
||
echo "generating new keys for host ${keyname}";
|
||
age-keygen \
|
||
2> "secrets/hostkeys/${keyname}.pubkey" \
|
||
| age -p --armor -e -o "secrets/hostkeys/${keyname}.privkey"
|
||
sed -i 's/Public key: //' "secrets/hostkeys/${keyname}.pubkey"
|
||
|
||
set +efu +o pipefail
|
||
}
|
||
|
||
age-import-secret() {
|
||
set -euf -o pipefail
|
||
|
||
local secret_path="${1}"
|
||
local recipients_list=$(ageGetRecipientsList "${secret_path}")
|
||
local dirname="$(dirname ${secret_path})"
|
||
local identity="${MASTERKEY_FILE:-secrets/hostkeys/masterkey.privkey}"
|
||
|
||
mkdir -p "${dirname}"
|
||
|
||
age ${recipients_list[@]} --encrypt --armor --output "${secret_path}"
|
||
|
||
set +efu +o pipefail
|
||
}
|
||
|
||
age-edit-file() {
|
||
set -euf -o pipefail
|
||
local current_umask=$(umask)
|
||
umask 177
|
||
|
||
local secret_path="${1}"
|
||
local tmp_path="$(mktemp -p /dev/shm)"
|
||
local recipients_list=$(ageGetRecipientsList "${secret_path}")
|
||
local identity="${MASTERKEY_FILE:-$([[ -f "$(realpath "secrets/hostkeys/masterkey.privkey")" ]] && echo -n "$(realpath "secrets/hostkeys/masterkey.privkey")" || echo -n "/dev/stdin")}"
|
||
# [[ -f "$(realpath "secrets/hostkeys/masterkey.privkey")" ]] && local identity="$(realpath "secrets/hostkeys/masterkey.privkey")" ||
|
||
|
||
if test -e "${secret_path}"; then
|
||
set +e +o pipefail
|
||
|
||
age \
|
||
--decrypt \
|
||
--identity "${identity}" \
|
||
--output "${tmp_path}" \
|
||
"${secret_path}" || local decrypt_failed=true
|
||
|
||
set -e -o pipefail
|
||
else
|
||
# if file descriptor 0 is not a terminal, ie if /dev/stdin is a pipe
|
||
if [ ! -t 0 ]; then
|
||
cat "${identity}" > /dev/null
|
||
fi
|
||
fi
|
||
|
||
if [[ ! ${decrypt_failed:-} ]]; then
|
||
local mod_time_before=$(stat --format "%Y" "${tmp_path}")
|
||
${EDITOR} "${tmp_path}"
|
||
local mod_time_after=$(stat --format "%Y" "${tmp_path}")
|
||
|
||
if test "${mod_time_before}" != "${mod_time_after}"; then
|
||
echo "change detected, reencrypting file" > /dev/stderr
|
||
age ${recipients_list[@]} --encrypt --armor --output "${secret_path}" "${tmp_path}"
|
||
else
|
||
echo "no change detected, not reencrypting file" > /dev/stderr
|
||
fi
|
||
fi
|
||
|
||
rm "${tmp_path}"
|
||
|
||
umask ${current_umask}
|
||
set +efu +o pipefail
|
||
}
|
||
|
||
age-reencrypt-all() {
|
||
set -euf -o pipefail
|
||
local current_umask=$(umask)
|
||
umask 177
|
||
|
||
local identity="${1:-/dev/stdin}"
|
||
local identity_file="$(mktemp -u -p /dev/shm)"
|
||
|
||
# make the identity file reuseable, in case it actually is /dev/stdin
|
||
umask 177
|
||
cat "${identity}" > "${identity_file}"
|
||
|
||
find "secrets" -type f -not -name "*\.recipients" \
|
||
| grep -v "^secrets/hostkeys/"| while read line; do
|
||
if ! grep -q "^-----BEGIN AGE ENCRYPTED FILE-----$" "${line}"; then
|
||
echo "skipping unecrypted file '${line}'"
|
||
continue
|
||
fi
|
||
local recipients=$(ageGetRecipientsList "${line}")
|
||
echo "reencrypting '${line}' for recipients ${recipients[@]}"
|
||
local content="$(age --decrypt \
|
||
--identity "${identity_file}" \
|
||
"${line}" \
|
||
)" || {
|
||
echo "ERROR: failed decryption of '${line}'" > /dev/stderr
|
||
echo "aborting and leaving secrets store in an inconsistent state" > /dev/stderr
|
||
exit 2
|
||
}
|
||
if test $? -eq 0 ; then
|
||
echo -n "${content}" \
|
||
| age ${recipients[@]} \
|
||
--encrypt \
|
||
--armor \
|
||
--output "${line}"
|
||
fi
|
||
done
|
||
|
||
rm "${identity_file}"
|
||
|
||
umask ${current_umask}
|
||
set +efu +o pipefail
|
||
|
||
echo "SUCCESS" > /dev/stderr
|
||
}
|
||
fi
|
||
|
||
# eza - set aliasses for eza to use it as ls replacement
|
||
if [[ $(command -v eza) ]]; then
|
||
ezafunc() {
|
||
eza -l -F -g -h --git --group-directories-first --icons ${@:-}
|
||
}
|
||
lfunc() {
|
||
ezafunc -T -L ${@:-}
|
||
}
|
||
lafunc() {
|
||
ezafunc -a -T -L ${@:-}
|
||
}
|
||
lefunc() {
|
||
ezafunc -a -T -L ${@:-} --extended
|
||
}
|
||
alias l='lfunc 1'
|
||
alias la='lafunc 1'
|
||
alias le='lefunc 1'
|
||
alias ll='lfunc 2'
|
||
alias lla='lafunc 2'
|
||
alias lle='lefunc 2'
|
||
fi
|
||
|
||
# wttr - show the weather forecast in Terminal
|
||
wttr() {
|
||
if [ -z "${1}" ]; then
|
||
curl http://wttr.in
|
||
elif [[ "${1}" == "help" ]]; then
|
||
cat << EOF
|
||
usage: wttr (City|3-letter airport code|'~Special+Location')
|
||
City:
|
||
Just write down the name of the city.
|
||
e.G.:
|
||
wttr London
|
||
3-letter airport code:
|
||
Use 3-letter airport codes in order to get the weather information at a certain airport.
|
||
e.G.:
|
||
wttr muc #for Munich Internation Airpot, Germany
|
||
Special Location:
|
||
Let's say you'd like to get the weather for a geographical location other than a town or city -
|
||
maybe an attraction in a city, a mountain name, or some special location.
|
||
Add the character '~' before the name to look up that special location name before the weather is then retrieved.
|
||
e.G.:
|
||
wttr '~Eiffel+Tower'
|
||
wttr '~Kilimanjaro'
|
||
EOF
|
||
else
|
||
curl http://wttr.in/${1}
|
||
fi
|
||
}
|
||
|
||
{%@@ if profile == 'WVDEWOBMC001307' @@%}
|
||
macnst (){
|
||
netstat -Watnlv | grep LISTEN | awk '{"ps -o comm= -p " $9 | getline procname;colred="\033[01;31m";colclr="\033[0m"; print colred "proto: " colclr $1 colred " | addr.port: " colclr $4 colred " | pid: " colclr $9 colred " | name: " colclr procname; }' | column -t -s "|"
|
||
}
|
||
|
||
function setProxyEnv(){
|
||
local HIGHLIGHT='\033[36;1m'
|
||
local RESET='\033[0;0m'
|
||
|
||
local PROXY='127.0.0.1:9000'
|
||
local PROXY_CFG_HTTP="${PROXY}"
|
||
local PROXY_CFG_HTTPS="${PROXY}"
|
||
local NO_PROXY_CFG="127.0.0.1,localhost,vw.vwg"
|
||
|
||
export NO_PROXY="${NO_PROXY_CFG}"
|
||
export no_proxy="${NO_PROXY_CFG}"
|
||
export HTTP_PROXY="${PROXY_CFG_HTTP}"
|
||
export HTTPS_PROXY="${PROXY_CFG_HTTPS}"
|
||
export http_proxy="${PROXY_CFG_HTTP}"
|
||
export https_proxy="${PROXY_CFG_HTTPS}"
|
||
export GIT_SSH_COMMAND='ssh -o ProxyCommand="/opt/homebrew/bin/corkscrew localhost 9000 %h %p"'
|
||
|
||
echo -e "\n✈️ exported zscaler proxy: ${HIGHLIGHT}http://${PROXY}${RESET}"
|
||
}
|
||
|
||
function unsetProxyEnv(){
|
||
unset NO_PROXY
|
||
unset HTTP_PROXY
|
||
unset HTTPS_PROXY
|
||
unset no_proxy
|
||
unset http_proxy
|
||
unset https_proxy
|
||
unset GIT_SSH_COMMAND
|
||
|
||
echo -e "\n🔄 removed zscaler proxy cofiguration"
|
||
}
|
||
|
||
function setVpnGitRemote(){
|
||
local ORIGIN=vpn #e.g.
|
||
local HIGHLIGHT='\033[36;1m'
|
||
local RESET='\033[0;0m'
|
||
|
||
local repo="ssh://git@vpn.github.com:443/${$(git config remote.origin.url)#*git@github.com:}"
|
||
git remote add ${ORIGIN} "${repo}" 2> /dev/null
|
||
|
||
echo -e "🔗 git remote (${HIGHLIGHT}${ORIGIN}${RESET}): ${HIGHLIGHT}${repo}${RESET}\n"
|
||
}
|
||
{%@@ endif @@%} |