From a70f707424cbbec95351a9f61b6815c970ae0829 Mon Sep 17 00:00:00 2001 From: Brian Zalewski Date: Wed, 1 Feb 2023 07:10:02 +0000 Subject: [PATCH] Update 3 files - /local/provision.sh - /docs/CHEZMOI-INTRO.md - /home/.chezmoiscripts/universal/run_before_01-decrypt-age-key.tmpl --- docs/CHEZMOI-INTRO.md | 8 ++++ .../run_before_01-decrypt-age-key.tmpl | 47 ++++++++++--------- local/provision.sh | 2 +- 3 files changed, 34 insertions(+), 23 deletions(-) diff --git a/docs/CHEZMOI-INTRO.md b/docs/CHEZMOI-INTRO.md index faa86038..d00e12d9 100644 --- a/docs/CHEZMOI-INTRO.md +++ b/docs/CHEZMOI-INTRO.md @@ -20,6 +20,14 @@ To use a fork (if you made modifications to the original project), set this equa Note, this variable is used by the `bash <(curl -sSL https://install.doctor/start)` command and is not used anywhere in the project itself. +### Headless Install + +Set to true if you would like all prompts to be bypassed. If you have not already set up +your encryption keys, then the encryption process will be bypassed and default fallback +files will be used. Set to any value to perform a headless installation. + +* Environment variable: `HEADLESS_INSTALL` + ### Work Environment Set to true if you are setting up a work environment where things like Tor should diff --git a/home/.chezmoiscripts/universal/run_before_01-decrypt-age-key.tmpl b/home/.chezmoiscripts/universal/run_before_01-decrypt-age-key.tmpl index d8b7364e..7f5cead6 100644 --- a/home/.chezmoiscripts/universal/run_before_01-decrypt-age-key.tmpl +++ b/home/.chezmoiscripts/universal/run_before_01-decrypt-age-key.tmpl 
@@ -3,30 +3,33 @@ {{ includeTemplate "universal/logg-before" }} {{ includeTemplate "universal/profile-before" }} -### Install Age via Homebrew if not present -if ! command -v age > /dev/null; then - if command -v brew > /dev/null; then - logg info 'Running `brew install age`' - brew install age - else - logg warn '`age` is not installed which is utilized in the decryption process' +### Only run decryption process if HEADLESS_INSTALL variable is not set +if [ -z "$HEADLESS_INSTALL" ]; then + ### Install Age via Homebrew if not present + if ! command -v age > /dev/null; then + if command -v brew > /dev/null; then + logg info 'Running `brew install age`' + brew install age + else + logg warn '`age` is not installed which is utilized in the decryption process' + fi fi -fi -### Decrypt private key if it is not already present -if command -v age > /dev/null; then - if [ ! -f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then - mkdir -p "${XDG_CONFIG_HOME}/age" - logg star '`PRESS ENTER` if you have not set up your encryption token yet' - age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$? - if [ -n "$EXIT_CODE" ]; then - logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`' - logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG' - logg info 'Removing all files that begin with encrypted_ because decryption failed' - find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do - logg info "Removing $ENCRYPTED_FILE" - rm -f "$ENCRYPTED_FILE" - done + ### Decrypt private key if it is not already present + if command -v age > /dev/null; then + if [ ! 
-f "${XDG_CONFIG_HOME}/age/chezmoi.txt" ]; then + mkdir -p "${XDG_CONFIG_HOME}/age" + logg star '`PRESS ENTER` if you have not set up your encryption token yet' + age --decrypt --output "${XDG_CONFIG_HOME}/age/chezmoi.txt" "{{ .chezmoi.sourceDir }}/key.txt.age" || EXIT_CODE=$? + if [ -n "$EXIT_CODE" ]; then + logg info 'Proceeding without decrypting age encryption key stored at `~/.local/share/chezmoi/home/key.txt.age`' + logg info 'To have Chezmoi handle your encryption (so you can store your private files publicly) take a look at https://shorturl.at/jkpzG' + logg info 'Removing all files that begin with encrypted_ because decryption failed' + find "$HOME/.local/share/chezmoi" -type f -name "encrypted_*" | while read ENCRYPTED_FILE; do + logg info "Removing $ENCRYPTED_FILE" + rm -f "$ENCRYPTED_FILE" + done + fi fi fi fi diff --git a/local/provision.sh b/local/provision.sh index 57f998f9..486bbdc6 100644 --- a/local/provision.sh +++ b/local/provision.sh @@ -453,7 +453,7 @@ if [ "$DEBUG_MODE" == 'true' ]; then else DEBUG_MODIFIER="" fi -if [ -n "$FORCE_CHEZMOI" ]; then +if [ -n "$HEADLESS_INSTALL" ]; then if command -v unbuffer > /dev/null; then unbuffer -p chezmoi apply $DEBUG_MODIFIER -k --force 2>&1 | tee "${XDG_DATA_HOME:-$HOME/.local/share}/megabyte-labs/betelgeuse.$(date +%s).log" else
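Review bot: The decrypted age private key is written to `${XDG_CONFIG_HOME}/age/chezmoi.txt` with nothing in this hunk restricting who can read it, so the directory and file modes are left to the process umask. Two small changes tighten that: `mkdir -p -m 700 "${XDG_CONFIG_HOME}/age"` and, after a successful decrypt, `chmod 600 "${XDG_CONFIG_HOME}/age/chezmoi.txt"`. Separately, within this hunk `EXIT_CODE` is assigned only on failure and never cleared first, so a value already in the environment (or set by an included template, which is not visible here) would send a successful decrypt into the branch that deletes every `encrypted_*` file. Adding `EXIT_CODE=""` before the `age` call, or testing the command directly with `if ! age --decrypt …; then`, avoids that. Both issues predate this commit but are carried unchanged into the re-indented block.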
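Review bot: The test `[ -n "$HEADLESS_INSTALL" ]` is true for any non-empty value, so `HEADLESS_INSTALL=false` or `HEADLESS_INSTALL=0` still selects the `chezmoi apply … --force` branch, and the `-z` test in run_before_01-decrypt-age-key.tmpl behaves the same way. The docs text added in this commit says both "Set to true" and "Set to any value", which invites exactly that mistake. Because `--force` applies changes without prompting, an explicit comparison such as `if [ "$HEADLESS_INSTALL" = 'true' ]; then` (the style of the `DEBUG_MODE` check shown in the hunk header) would be safer; otherwise the docs should state plainly that any value, including `false`, enables headless mode. The rename also drops `FORCE_CHEZMOI` with no fallback, so callers that still export it silently take the other branch; `if [ -n "${HEADLESS_INSTALL:-$FORCE_CHEZMOI}" ]; then` would keep them working during a transition. The `if` block continues past the end of the hunk.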