Update dotfiles/.local/share/chezmoi/home/dot_ssh/create_encrypted_private_readonly_private_id_rsa.tmpl, dotfiles/.local/share/chezmoi/home/dot_ssh/run_onchanges_after_generate-public-keys, dotfiles/.local/share/chezmoi/system-linux/etc/systemd/system/r2-{{ .user.username }}.service.tmpl, dotfiles/.local/share/chezmoi/system-linux/usr/local/bin/executable_rclone-mount, dotfiles/.local/share/chezmoi/home/dot_cache/readonly_rclone/.gitkeep, dotfiles/.local/share/chezmoi/system-linux/var/cache/readonly_rclone/remove_dot_gitkeep, dotfiles/.local/share/chezmoi/system-linux/etc/rcloneignore, dotfiles/.local/share/chezmoi/system-linux/etc/systemd/system/r2-docker.service, dotfiles/.local/share/chezmoi/system-linux/mnt/private_r2-docker/remove_dot_gitkeep, dotfiles/.local/share/chezmoi/system-linux/var/log/user/run_onchange_after-symlink-user-logs, dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl, dotfiles/.local/share/chezmoi/home/dot_local/log/remove_dot_gitkeep, dotfiles/.local/share/chezmoi/home/private_dot_config/rclone/merge_rclone.conf
Deleted dotfiles/.local/share/chezmoi/home/dot_ssh/id_rsa.pub
parent
3f5fb3e6d3
commit
dc2c74a2b1
14 changed files with 164 additions and 22 deletions
|
@ -13,9 +13,11 @@
|
||||||
{{- $githubUsername := "ProfessorManhattan" -}}
|
{{- $githubUsername := "ProfessorManhattan" -}}
|
||||||
{{- $githubReadToken := "" -}}
|
{{- $githubReadToken := "" -}}
|
||||||
{{- $gitlabReadToken := "" -}}
|
{{- $gitlabReadToken := "" -}}
|
||||||
|
{{- $locale := (output ("echo" "$LANG")) }}
|
||||||
{{- $ngrokAuthToken := "" -}}
|
{{- $ngrokAuthToken := "" -}}
|
||||||
{{- $slackApiToken := "" -}}
|
{{- $slackApiToken := "" -}}
|
||||||
{{- $tabbySyncToken := "" -}}
|
{{- $tabbySyncToken := "" -}}
|
||||||
|
{{- $timezone := "" -}}
|
||||||
{{- $toolchains := list "docker" "iac" "java" "kubernetes" "node" "python" "rust" "extra" -}}
|
{{- $toolchains := list "docker" "iac" "java" "kubernetes" "node" "python" "rust" "extra" -}}
|
||||||
|
|
||||||
{{- $data := . }}
|
{{- $data := . }}
|
||||||
|
@ -96,6 +98,8 @@
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- $domain = promptStringOnce $data.user "domain" "Domain" $domain -}}
|
{{- $domain = promptStringOnce $data.user "domain" "Domain" $domain -}}
|
||||||
|
{{- $locale = promptStringOnce $data.user "locale" "locale" "Locale" $locale -}}
|
||||||
|
{{- $timezone = promptStringOnce $data.user "timezone" "Timezone" $timezone -}}
|
||||||
{{- $cloudflareUsername = promptStringOnce $data.user "cloudflareUsername" "CloudFlare E-Mail" $email -}}
|
{{- $cloudflareUsername = promptStringOnce $data.user "cloudflareUsername" "CloudFlare E-Mail" $email -}}
|
||||||
{{- $cloudflareToken = promptStringOnce $data.user "cloudflareToken" "CloudFlare API Token" $cloudflareToken -}}
|
{{- $cloudflareToken = promptStringOnce $data.user "cloudflareToken" "CloudFlare API Token" $cloudflareToken -}}
|
||||||
{{- $gitlabReadToken = promptStringOnce $data.user "gitlabReadToken" "GitLab read-only token (See: https://github.com/gabrie30/ghorg#scm-provider-setup)" $gitlabReadToken }}
|
{{- $gitlabReadToken = promptStringOnce $data.user "gitlabReadToken" "GitLab read-only token (See: https://github.com/gabrie30/ghorg#scm-provider-setup)" $gitlabReadToken }}
|
||||||
|
@ -127,6 +131,7 @@ data:
|
||||||
family: "{{ .chezmoi.os }}"
|
family: "{{ .chezmoi.os }}"
|
||||||
id: "{{ get .chezmoi.osRelease "id" | default .chezmoi.os }}"
|
id: "{{ get .chezmoi.osRelease "id" | default .chezmoi.os }}"
|
||||||
home: "{{ .chezmoi.homeDir }}"
|
home: "{{ .chezmoi.homeDir }}"
|
||||||
|
homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}"
|
||||||
type: "{{ $chassisType }}"
|
type: "{{ $chassisType }}"
|
||||||
work: {{ $work }}
|
work: {{ $work }}
|
||||||
restricted: {{ $restricted }}
|
restricted: {{ $restricted }}
|
||||||
|
@ -138,14 +143,17 @@ data:
|
||||||
user:
|
user:
|
||||||
email: "{{ $email }}"
|
email: "{{ $email }}"
|
||||||
name: "{{ $name }}"
|
name: "{{ $name }}"
|
||||||
username: 'Betelgeuse'
|
username: "{{ output ("echo" "$USER") }}
|
||||||
domain: "{{ $domain }}"
|
domain: "{{ $domain }}"
|
||||||
gmailAddress: "{{ $gmailAddress }}"
|
gmailAddress: "{{ $gmailAddress }}"
|
||||||
gmailAddressAppPassword: "{{ $gmailAddressAppPassword }}"
|
gmailAddressAppPassword: "{{ $gmailAddressAppPassword }}"
|
||||||
githubUsername: "{{ $githubUsername }}"
|
githubUsername: "{{ $githubUsername }}"
|
||||||
locale: "en_US"
|
locale: "{{ $locale }}"
|
||||||
timezone: "America/New_York"
|
timezone: "{{ $timezone }}"
|
||||||
CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
|
CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
|
||||||
|
CLOUDFLARE_ACCESS_KEY_ID: "{{ $cloudflareAccessKeyId }}"
|
||||||
|
CLOUDFLARE_SECRET_ACCESS_KEY: "{{ $cloudflareSecretAccessKey }}"
|
||||||
|
CLOUDFLARE_R2_ACCOUNT_ID: "{{ $cloudflareR2AccountId }}"
|
||||||
GITHUB_READ_TOKEN: "{{ $githubReadToken }}"
|
GITHUB_READ_TOKEN: "{{ $githubReadToken }}"
|
||||||
GITLAB_READ_TOKEN: "{{ $gitlabReadToken }}"
|
GITLAB_READ_TOKEN: "{{ $gitlabReadToken }}"
|
||||||
NGROK_AUTH_TOKEN: "{{ $ngrokAuthToken }}"
|
NGROK_AUTH_TOKEN: "{{ $ngrokAuthToken }}"
|
||||||
|
@ -158,9 +166,6 @@ git:
|
||||||
autoCommit: true
|
autoCommit: true
|
||||||
autoPush: true
|
autoPush: true
|
||||||
scriptEnv:
|
scriptEnv:
|
||||||
CLOUDFLARE_ACCESS_KEY_ID: "{{ $cloudflareAccessKeyId }}"
|
|
||||||
CLOUDFLARE_SECRET_ACCESS_KEY: "{{ $cloudflareSecretAccessKey }}"
|
|
||||||
CLOUDFLARE_R2_ACCOUNT_ID: "{{ $cloudflareR2AccountId }}"
|
|
||||||
LEXICON_CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
|
LEXICON_CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
|
||||||
LEXICON_CLOUDFLARE_TOKEN: "{{ $cloudflareToken }}"
|
LEXICON_CLOUDFLARE_TOKEN: "{{ $cloudflareToken }}"
|
||||||
textconv:
|
textconv:
|
||||||
|
|
|
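Review bot: The new `username:` value in the `user:` block is not a valid line: its opening `"` is never closed, and `output ("echo" "$USER")` wraps the arguments in parentheses, which Go templates do not accept as an argument list. Even with the syntax repaired, chezmoi's `output` executes the command directly rather than through a shell, so `$USER` would not be expanded; the same holds for `$locale := (output ("echo" "$LANG"))` in the first hunk. Because this value later becomes `User=` and home paths in the systemd unit, I would use `username: "{{ .chezmoi.username }}"` and `{{- $locale := env "LANG" -}}`. The `promptStringOnce $data.user "locale" "locale" "Locale" $locale` call also carries one string argument more than the neighbouring calls.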
@ -0,0 +1,10 @@
|
||||||
|
{{- if ( bitwarden "item" "dev.betelgeuse.ssh.personal.id_rsa.private" ).notes -}}
|
||||||
|
{{- ( bitwarden "item" "dev.betelgeuse.ssh.personal.id_rsa.private" ).notes -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $sshLocation = (joinPath .chezmoi.homeDir ".ssh" "id_rsa") -}}
|
||||||
|
{{- if not (stat $sshLocation) -}}
|
||||||
|
{{- $sshKeygen = (output "ssh-keygen" "-b" "4096" "-t" "rsa" "-f" $sshLocation "-q" "-N" }}
|
||||||
|
{{- writeToStdout "Generated new SSH key since none were present and could not connect to BitWarden. It will be encrypted and included in your source." -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- include $sshLocation }}
|
||||||
|
{{ end }}
|
|
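Review bot: The `ssh-keygen` line in the fallback branch cannot parse as written: `-N` is the last argument with no passphrase value after it, and the `(output ...` parenthesis is never closed. `$sshLocation` and `$sshKeygen` are also assigned with `=` although no `:=` declaration is visible in this file. `{{- $sshLocation := joinPath .chezmoi.homeDir ".ssh" "id_rsa" -}}` and `{{- $sshKeygen := output "ssh-keygen" "-b" "4096" "-t" "rsa" "-f" $sshLocation "-q" "-N" "" -}}` would parse, but an empty passphrase means the key is protected by file permissions alone, which deserves a comment next to the call. The `bitwarden` call inside the `if` probably aborts the template when Bitwarden is unreachable instead of falling through to `else`; that is worth confirming before relying on the fallback.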
@ -1 +0,0 @@
|
||||||
{{ ( bitwarden "item" "dev.muniftanjim.ssh.personal.id_rsa.private" ).notes }}
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
{{ $sshFiles = (output "find" "$HOME/.ssh" "-type" "f") }}
|
||||||
|
{{ range $sshFile := $sshFiles }}
|
||||||
|
# .ssh hash: {{ include ".ssh" | sha256sum }}
|
||||||
|
# {{ $sshFile }} hash: {{ include $sshFile | sha256sum }}
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
logg 'Ensuring RSA public keys are present'
|
||||||
|
find "$HOME/.ssh" -type f | while read FILE; do
|
||||||
|
if [ ! -f "${FILE}" ] && cat "$FILE" | grep 'BEGIN RSA PRIVATE KEY'; then
|
||||||
|
logg 'Generating missing public key for `'"$FILE"'`'
|
||||||
|
ssh-keygen -f "$FILE" -y > "${FILE}.pub"
|
||||||
|
fi
|
||||||
|
done
|
|
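Review bot: The guard `[ ! -f "${FILE}" ]` tests the private-key path that `find` has just returned, so it is never true and no public key is ever generated; it should test the `.pub` path. I would write `if [ ! -f "${FILE}.pub" ] && grep -q 'BEGIN RSA PRIVATE KEY' "$FILE"; then`, which also stops grep from echoing the matched header and drops the `cat`. Keys stored in the newer OpenSSH format begin with `BEGIN OPENSSH PRIVATE KEY` and would be skipped by this pattern. In the template header, `include $sshFile | sha256sum` writes a digest of every private key into the rendered script, and `"$HOME/.ssh"` reaches `find` literally because `output` does not go through a shell.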
@ -1,22 +1,29 @@
|
||||||
{{- if and (ne .scriptEnv.CLOUDFLARE_ACCESS_KEY_ID "") (ne .scriptEnv.CLOUDFLARE_SECRET_ACCESS_KEY "") (ne .scriptEnv.CLOUDFLARE_R2_ACCOUNT_ID "") }}
|
{{- if and (ne .user.CLOUDFLARE_ACCESS_KEY_ID "") (ne .user.CLOUDFLARE_SECRET_ACCESS_KEY "") (ne .user.CLOUDFLARE_R2_ACCOUNT_ID "") }}
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
R2_CONFIG=$(cat <<EOT
|
|
||||||
|
# Consider https://github.com/dustinsand/blockinfile
|
||||||
|
CONFIG_FILE="$HOME/.config/rclone/rclone.conf"
|
||||||
|
if cat "$CONFIG_FILE" | grep '# MEGABYTE LABS MANAGED r2-user'; then
|
||||||
|
# TODO: Remove old block
|
||||||
|
START_LINE="$(echo `grep -n -m 1 "# MEGABYTE LABS MANAGED r2-user" .zshrc | cut -f1 -d ":"`)"
|
||||||
|
END_LINE="$(echo `grep -n -m 1 "# MEGABYTE LABS MANAGED r2-user" .zshrc | cut -f1 -d ":"`)"
|
||||||
|
if command -v gsed > /dev/null; then
|
||||||
|
gsed -i "$START_LINE,$END_LINEd" "$CONFIG_FILE"
|
||||||
|
else
|
||||||
|
sed -i "$START_LINE,$END_LINEd" "$CONFIG_FILE"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
tee -a "$CONFIG_FILE" > /dev/null <<EOT
|
||||||
|
# MEGABYTE LABS MANAGED r2-user
|
||||||
[r2-user]
|
[r2-user]
|
||||||
type = s3
|
type = s3
|
||||||
provider = Cloudflare
|
provider = Cloudflare
|
||||||
access_key_id = {{ .user.cloudflareAccessKeyId }}
|
access_key_id = {{ .user.CLOUDFLARE_ACCESS_KEY_ID }}
|
||||||
secret_access_key = {{ .user.cloudflareSecretAccessKey }}
|
secret_access_key = {{ .user.CLOUDFLARE_SECRET_ACCESS_KEY }}
|
||||||
region = auto
|
region = auto
|
||||||
endpoint = https://{{ .user.cloudflareR2AccountId }}.r2.cloudflarestorage.com
|
endpoint = https://{{ .user.CLOUDFLARE_R2_ACCOUNT_ID }}.r2.cloudflarestorage.com
|
||||||
acl = private
|
acl = private
|
||||||
|
# MEGABYTE LABS MANAGED r2-user
|
||||||
EOT
|
EOT
|
||||||
)
|
{{- end }}
|
||||||
|
|
||||||
# Consider https://github.com/dustinsand/blockinfile
|
|
||||||
if cat $HOME/.config/rclone/rclone.conf | grep '[r2-user]'; then
|
|
||||||
# TODO: Remove old block
|
|
||||||
fi
|
|
||||||
|
|
||||||
# TODO:
|
|
||||||
#tee -a
|
|
||||||
{{- end -}}
|
|
||||||
|
|
|
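Review bot: The old managed block is never removed before the new one is appended, so earlier `access_key_id` / `secret_access_key` values stay behind in `rclone.conf`. `START_LINE` and `END_LINE` both run `grep -n -m 1` against `.zshrc` rather than `$CONFIG_FILE`, so at best they hold the same number, and `"$START_LINE,$END_LINEd"` expands the unset variable `END_LINEd` instead of appending the `d` command. The rewrite below reads both marker lines from the config file and uses `${END_LINE}d`; the gsed/sed choice and the heredoc stay as they are. Because the file stores the secret key, a `chmod 600 "$CONFIG_FILE"` after the `tee -a` is worth adding as well.

```shell
CONFIG_FILE="$HOME/.config/rclone/rclone.conf"
if grep -q '# MEGABYTE LABS MANAGED r2-user' "$CONFIG_FILE"; then
  MARKER_LINES="$(grep -n '# MEGABYTE LABS MANAGED r2-user' "$CONFIG_FILE" | cut -f1 -d ':')"
  START_LINE="$(printf '%s\n' "$MARKER_LINES" | sed -n '1p')"
  END_LINE="$(printf '%s\n' "$MARKER_LINES" | sed -n '2p')"
  # Delete only when both markers were found, so a half-written block is left alone.
  if [ -n "$START_LINE" ] && [ -n "$END_LINE" ]; then
    # … unchanged: command -v gsed selection …
    sed -i "${START_LINE},${END_LINE}d" "$CONFIG_FILE"
  fi
fi
# … unchanged: tee -a heredoc with the [r2-user] block …
```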
@ -0,0 +1,6 @@
|
||||||
|
**/.**
|
||||||
|
**/_**
|
||||||
|
**/*.db
|
||||||
|
**/*.box
|
||||||
|
**/Network Trash Folder**
|
||||||
|
**/node_modules**
|
|
@ -0,0 +1,14 @@
|
||||||
|
[Unit]
|
||||||
|
Description=rclone r2 system service (docker)
|
||||||
|
After=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=docker
|
||||||
|
ExecStart=/usr/local/bin/rclone-mount "docker" "docker" "r2-docker"
|
||||||
|
ExecStop=/bin/fusermount -u /mnt/r2-docker
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
|
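Review bot: `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` nothing pulls that target in, so the mount can start before the network is up and then depend on the `Restart=always` loop to recover. I would add `Wants=network-online.target` under `[Unit]`; the `r2-{{ .user.username }}` unit in the next section has the same gap. For a system unit, `WantedBy=multi-user.target` is the usual install target rather than `default.target`.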
@ -0,0 +1,15 @@
|
||||||
|
[Unit]
|
||||||
|
Description=rclone r2 user service ({{ .user.username }})
|
||||||
|
After=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User={{ .user.username }}
|
||||||
|
ExecStartPre=/usr/bin/mkdir /home/{{ .user.username }}/.local/mnt/r2
|
||||||
|
ExecStart=/usr/local/bin/rclone-mount "user" "{{ .user.username }}" "r2"
|
||||||
|
ExecStop=/bin/fusermount -u /home/{{ .user.username }}/.local/mnt/r2
|
||||||
|
Restart=always
|
||||||
|
RestartSec=10
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
|
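Review bot: `ExecStartPre=/usr/bin/mkdir` is called without `-p`, so it exits non-zero as soon as the mount point already exists (or when `.local/mnt` is missing), and the unit then fails before `ExecStart` on every start after the first. `ExecStartPre=/usr/bin/mkdir -p /home/{{ .user.username }}/.local/mnt/r2` fixes that; the `rclone-mount` script already creates `$MOUNT_PATH` itself, so the line could also be dropped. `User=` and the paths are taken straight from `.user.username`, so that value should be constrained to a valid account name before it reaches this template.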
@ -0,0 +1,60 @@
|
||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
### Variables
|
||||||
|
TYPE="$1"
|
||||||
|
USER="$2"
|
||||||
|
MOUNT="$3"
|
||||||
|
if [ "$TYPE" = 'user' ]; then
|
||||||
|
CACHE_FOLDER="/home/$USER/.cache/rclone"
|
||||||
|
CONFIG_FOLDER="/home/$USER/.config/rclone"
|
||||||
|
LOG_FOLDER="/home/$USER/.local/log"
|
||||||
|
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
|
||||||
|
MOUNT_PATH="/home/{{ .user.username }}/.local/mnt/$MOUNT"
|
||||||
|
elif [ "$TYPE" = 'docker' ]; then
|
||||||
|
CACHE_FOLDER="/var/cache/rclone/$MOUNT"
|
||||||
|
CONFIG_FOLDER="/etc"
|
||||||
|
LOG_FOLDER="/var/log/rclone"
|
||||||
|
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
|
||||||
|
MOUNT_PATH="/mnt/$MOUNT"
|
||||||
|
else
|
||||||
|
CACHE_FOLDER="/var/cache/rclone"
|
||||||
|
CONFIG_FOLDER="/etc"
|
||||||
|
LOG_FOLDER="/var/log/rclone"
|
||||||
|
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
|
||||||
|
MOUNT_PATH="/mnt/$MOUNT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
### Ensure directories created
|
||||||
|
if [ ! -d "$CACHE_FOLDER" ]; then
|
||||||
|
mkdir -p "$CACHE_FOLDER"
|
||||||
|
fi
|
||||||
|
if [ ! -d "$CONFIG_FOLDER" ]; then
|
||||||
|
mkdir -p "$CONFIG_FOLDER"
|
||||||
|
fi
|
||||||
|
if [ ! -d "$LOG_FOLDER" ]; then
|
||||||
|
mkdir -p "$LOG_FOLDER"
|
||||||
|
fi
|
||||||
|
if [ ! -d "$MOUNT_PATH" ]; then
|
||||||
|
mkdir -p "$MOUNT_PATH"
|
||||||
|
fi
|
||||||
|
|
||||||
|
### Mount
|
||||||
|
/usr/bin/rclone --config="$CONFIG_FOLDER/rclone.conf" \
|
||||||
|
mount \
|
||||||
|
--cache-tmp-upload-path="$CACHE_FOLDER/$MOUNT-upload" \
|
||||||
|
--cache-chunk-path="$CACHE_FOLDER/$MOUNT-chunks" \
|
||||||
|
--cache-workers=8 \
|
||||||
|
--cache-writes \
|
||||||
|
--cache-dir="$CACHE_FOLDER/$MOUNT-vfs" \
|
||||||
|
--cache-db-path="$CACHE_FOLDER/$MOUNT-db" \
|
||||||
|
--log-file="$LOG_FILE" \
|
||||||
|
--no-modtime \
|
||||||
|
--drive-use-trash \
|
||||||
|
--stats=0 \
|
||||||
|
--checkers=16 \
|
||||||
|
--bwlimit=40M \
|
||||||
|
--dir-cache-time=60m \
|
||||||
|
--vfs-cache-mode full \
|
||||||
|
--cache-info-age=60m \
|
||||||
|
--filter-from="$CONFIG_FOLDER/rcloneignore"
|
||||||
|
"$MOUNT":/ "$MOUNT_PATH"
|
1
dotfiles/.local/share/chezmoi/system-linux/var/cache/readonly_rclone/remove_dot_gitkeep
vendored
Normal file
1
dotfiles/.local/share/chezmoi/system-linux/var/cache/readonly_rclone/remove_dot_gitkeep
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
# home directories: {{ output ("find" .host.homeParentFolder "-maxdepth" "1" "-type" "d" "|" "xargs" "echo") }}
|
||||||
|
|
||||||
|
find /home -maxdepth 1 -type d | while read HOME_DIR; do
|
||||||
|
USER_FOLDER="$(echo "$HOME_DIR" | sed 's/\/\([^\/]*\)/\1/')"
|
||||||
|
if [ ! -d "/var/log/user/$USER_FOLDER" ] && [ -d "$HOME_DIR/.local/log" ]; then
|
||||||
|
sudo ln -s "$HOME_DIR/.local/log" "/var/log/user/$USER_FOLDER"
|
||||||
|
fi
|
||||||
|
done
|
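Review bot: `USER_FOLDER` is not the directory's base name: the `sed` expression removes only the first `/`, so `/home/alice` becomes `home/alice`, and `find` also returns `/home` itself because there is no `-mindepth 1`. I would use `find /home -mindepth 1 -maxdepth 1 -type d | while read -r HOME_DIR; do` together with `USER_FOLDER="$(basename "$HOME_DIR")"`. The links created with `sudo` point into directories the users own, so anything privileged that later writes or rotates under `/var/log/user` follows user-controlled paths; a comment recording that this tree must be treated as untrusted would help. The loop hard-codes `/home` while the header comment uses `.host.homeParentFolder`.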