Update dotfiles/.local/share/chezmoi/home/dot_ssh/create_encrypted_private_readonly_private_id_rsa.tmpl, dotfiles/.local/share/chezmoi/home/dot_ssh/run_onchanges_after_generate-public-keys, dotfiles/.local/share/chezmoi/system-linux/etc/systemd/system/r2-{{ .user.username }}.service.tmpl, dotfiles/.local/share/chezmoi/system-linux/usr/local/bin/executable_rclone-mount, dotfiles/.local/share/chezmoi/home/dot_cache/readonly_rclone/.gitkeep, dotfiles/.local/share/chezmoi/system-linux/var/cache/readonly_rclone/remove_dot_gitkeep, dotfiles/.local/share/chezmoi/system-linux/etc/rcloneignore, dotfiles/.local/share/chezmoi/system-linux/etc/systemd/system/r2-docker.service, dotfiles/.local/share/chezmoi/system-linux/mnt/private_r2-docker/remove_dot_gitkeep, dotfiles/.local/share/chezmoi/system-linux/var/log/user/run_onchange_after-symlink-user-logs, dotfiles/.local/share/chezmoi/home/.chezmoi.yaml.tmpl, dotfiles/.local/share/chezmoi/home/dot_local/log/remove_dot_gitkeep, dotfiles/.local/share/chezmoi/home/private_dot_config/rclone/merge_rclone.conf
Deleted dotfiles/.local/share/chezmoi/home/dot_ssh/id_rsa.pub
parent
3f5fb3e6d3
commit
dc2c74a2b1
14 changed files with 164 additions and 22 deletions
|
@ -13,9 +13,11 @@
|
|||
{{- $githubUsername := "ProfessorManhattan" -}}
|
||||
{{- $githubReadToken := "" -}}
|
||||
{{- $gitlabReadToken := "" -}}
|
||||
{{- $locale := (output ("echo" "$LANG")) }}
|
||||
{{- $ngrokAuthToken := "" -}}
|
||||
{{- $slackApiToken := "" -}}
|
||||
{{- $tabbySyncToken := "" -}}
|
||||
{{- $timezone := "" -}}
|
||||
{{- $toolchains := list "docker" "iac" "java" "kubernetes" "node" "python" "rust" "extra" -}}
|
||||
|
||||
{{- $data := . }}
|
||||
|
@ -96,6 +98,8 @@
|
|||
{{- end }}
|
||||
|
||||
{{- $domain = promptStringOnce $data.user "domain" "Domain" $domain -}}
|
||||
{{- $locale = promptStringOnce $data.user "locale" "locale" "Locale" $locale -}}
|
||||
{{- $timezone = promptStringOnce $data.user "timezone" "Timezone" $timezone -}}
|
||||
{{- $cloudflareUsername = promptStringOnce $data.user "cloudflareUsername" "CloudFlare E-Mail" $email -}}
|
||||
{{- $cloudflareToken = promptStringOnce $data.user "cloudflareToken" "CloudFlare API Token" $cloudflareToken -}}
|
||||
{{- $gitlabReadToken = promptStringOnce $data.user "gitlabReadToken" "GitLab read-only token (See: https://github.com/gabrie30/ghorg#scm-provider-setup)" $gitlabReadToken }}
|
||||
|
@ -127,6 +131,7 @@ data:
|
|||
family: "{{ .chezmoi.os }}"
|
||||
id: "{{ get .chezmoi.osRelease "id" | default .chezmoi.os }}"
|
||||
home: "{{ .chezmoi.homeDir }}"
|
||||
homeParentFolder: "{{ if eq .chezmoi.os "linux" }}/home{{ else if eq .chezmoi.os "darwin" }}/Users{{ else }}C:\Users{{ end }}"
|
||||
type: "{{ $chassisType }}"
|
||||
work: {{ $work }}
|
||||
restricted: {{ $restricted }}
|
||||
|
@ -138,14 +143,17 @@ data:
|
|||
user:
|
||||
email: "{{ $email }}"
|
||||
name: "{{ $name }}"
|
||||
username: 'Betelgeuse'
|
||||
username: "{{ output ("echo" "$USER") }}
|
||||
domain: "{{ $domain }}"
|
||||
gmailAddress: "{{ $gmailAddress }}"
|
||||
gmailAddressAppPassword: "{{ $gmailAddressAppPassword }}"
|
||||
githubUsername: "{{ $githubUsername }}"
|
||||
locale: "en_US"
|
||||
timezone: "America/New_York"
|
||||
locale: "{{ $locale }}"
|
||||
timezone: "{{ $timezone }}"
|
||||
CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
|
||||
CLOUDFLARE_ACCESS_KEY_ID: "{{ $cloudflareAccessKeyId }}"
|
||||
CLOUDFLARE_SECRET_ACCESS_KEY: "{{ $cloudflareSecretAccessKey }}"
|
||||
CLOUDFLARE_R2_ACCOUNT_ID: "{{ $cloudflareR2AccountId }}"
|
||||
GITHUB_READ_TOKEN: "{{ $githubReadToken }}"
|
||||
GITLAB_READ_TOKEN: "{{ $gitlabReadToken }}"
|
||||
NGROK_AUTH_TOKEN: "{{ $ngrokAuthToken }}"
|
||||
|
@ -158,9 +166,6 @@ git:
|
|||
autoCommit: true
|
||||
autoPush: true
|
||||
scriptEnv:
|
||||
CLOUDFLARE_ACCESS_KEY_ID: "{{ $cloudflareAccessKeyId }}"
|
||||
CLOUDFLARE_SECRET_ACCESS_KEY: "{{ $cloudflareSecretAccessKey }}"
|
||||
CLOUDFLARE_R2_ACCOUNT_ID: "{{ $cloudflareR2AccountId }}"
|
||||
LEXICON_CLOUDFLARE_USERNAME: "{{ $cloudflareUsername }}"
|
||||
LEXICON_CLOUDFLARE_TOKEN: "{{ $cloudflareToken }}"
|
||||
textconv:
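Review bot: The `username:` value in the `user:` block, `"{{ output ("echo" "$USER") }}`, has no closing double quote, so the rendered config is not valid YAML. The call form is also doubtful: chezmoi's `output` takes the command and its arguments as separate strings and runs them without a shell, so `$USER` would not be expanded even once the parentheses are fixed, and the `$locale := (output ("echo" "$LANG"))` default in the first hunk has the same form. Reading the values directly avoids the subprocess, e.g. `username: "{{ .chezmoi.username }}"` and `{{- $locale := env "LANG" -}}`. The `promptStringOnce` call for `locale` also appears to carry one string argument more than the neighbouring calls (`"locale" "locale" "Locale"`).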
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
{{- if ( bitwarden "item" "dev.betelgeuse.ssh.personal.id_rsa.private" ).notes -}}
|
||||
{{- ( bitwarden "item" "dev.betelgeuse.ssh.personal.id_rsa.private" ).notes -}}
|
||||
{{- else -}}
|
||||
{{- $sshLocation = (joinPath .chezmoi.homeDir ".ssh" "id_rsa") -}}
|
||||
{{- if not (stat $sshLocation) -}}
|
||||
{{- $sshKeygen = (output "ssh-keygen" "-b" "4096" "-t" "rsa" "-f" $sshLocation "-q" "-N" }}
|
||||
{{- writeToStdout "Generated new SSH key since none were present and could not connect to BitWarden. It will be encrypted and included in your source." -}}
|
||||
{{- end -}}
|
||||
{{- include $sshLocation }}
|
||||
{{ end }}
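Review bot: The fallback branch cannot render as written: the `ssh-keygen` line opens `(output` and never closes it, and `-N` is the last argument, so no passphrase value is passed. `$sshLocation` and `$sshKeygen` are also assigned with `=` although nothing visible in this file declares them, which Go templates reject; `:=` is needed on first use. Proposed: `{{- $sshLocation := joinPath .chezmoi.homeDir ".ssh" "id_rsa" -}}` and `{{- $sshKeygen := output "ssh-keygen" "-b" "4096" "-t" "rsa" "-f" $sshLocation "-q" "-N" "" -}}`. An empty `-N` value writes the private key to disk without a passphrase, so at-rest protection rests on chezmoi's encryption of the source copy and on the target's file mode; a short template comment saying so would help.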
|
|
@ -1 +0,0 @@
|
|||
{{ ( bitwarden "item" "dev.muniftanjim.ssh.personal.id_rsa.private" ).notes }}
|
|
@ -0,0 +1,15 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
{{ $sshFiles = (output "find" "$HOME/.ssh" "-type" "f") }}
|
||||
{{ range $sshFile := $sshFiles }}
|
||||
# .ssh hash: {{ include ".ssh" | sha256sum }}
|
||||
# {{ $sshFile }} hash: {{ include $sshFile | sha256sum }}
|
||||
{{ end }}
|
||||
|
||||
logg 'Ensuring RSA public keys are present'
|
||||
find "$HOME/.ssh" -type f | while read FILE; do
|
||||
if [ ! -f "${FILE}" ] && cat "$FILE" | grep 'BEGIN RSA PRIVATE KEY'; then
|
||||
logg 'Generating missing public key for `'"$FILE"'`'
|
||||
ssh-keygen -f "$FILE" -y > "${FILE}.pub"
|
||||
fi
|
||||
done
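Review bot: The guard `[ ! -f "${FILE}" ]` tests the private key file that `find` just returned, so it is always false and no public key is ever generated; it presumably should test `"${FILE}.pub"`. `cat "$FILE" | grep` also echoes the matching line into the script output and only recognises the PEM header, while current `ssh-keygen` writes `BEGIN OPENSSH PRIVATE KEY` by default. Proposed: `find "$HOME/.ssh" -type f | while IFS= read -r FILE; do` and `if [ ! -f "${FILE}.pub" ] && grep -qE 'BEGIN (RSA|OPENSSH) PRIVATE KEY' "$FILE"; then`.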
|
|
@ -1,22 +1,29 @@
|
|||
{{- if and (ne .scriptEnv.CLOUDFLARE_ACCESS_KEY_ID "") (ne .scriptEnv.CLOUDFLARE_SECRET_ACCESS_KEY "") (ne .scriptEnv.CLOUDFLARE_R2_ACCOUNT_ID "") }}
|
||||
{{- if and (ne .user.CLOUDFLARE_ACCESS_KEY_ID "") (ne .user.CLOUDFLARE_SECRET_ACCESS_KEY "") (ne .user.CLOUDFLARE_R2_ACCOUNT_ID "") }}
|
||||
#!/usr/bin/env bash
|
||||
R2_CONFIG=$(cat <<EOT
|
||||
|
||||
# Consider https://github.com/dustinsand/blockinfile
|
||||
CONFIG_FILE="$HOME/.config/rclone/rclone.conf"
|
||||
if cat "$CONFIG_FILE" | grep '# MEGABYTE LABS MANAGED r2-user'; then
|
||||
# TODO: Remove old block
|
||||
START_LINE="$(echo `grep -n -m 1 "# MEGABYTE LABS MANAGED r2-user" .zshrc | cut -f1 -d ":"`)"
|
||||
END_LINE="$(echo `grep -n -m 1 "# MEGABYTE LABS MANAGED r2-user" .zshrc | cut -f1 -d ":"`)"
|
||||
if command -v gsed > /dev/null; then
|
||||
gsed -i "$START_LINE,$END_LINEd" "$CONFIG_FILE"
|
||||
else
|
||||
sed -i "$START_LINE,$END_LINEd" "$CONFIG_FILE"
|
||||
fi
|
||||
fi
|
||||
|
||||
tee -a "$CONFIG_FILE" > /dev/null <<EOT
|
||||
# MEGABYTE LABS MANAGED r2-user
|
||||
[r2-user]
|
||||
type = s3
|
||||
provider = Cloudflare
|
||||
access_key_id = {{ .user.cloudflareAccessKeyId }}
|
||||
secret_access_key = {{ .user.cloudflareSecretAccessKey }}
|
||||
access_key_id = {{ .user.CLOUDFLARE_ACCESS_KEY_ID }}
|
||||
secret_access_key = {{ .user.CLOUDFLARE_SECRET_ACCESS_KEY }}
|
||||
region = auto
|
||||
endpoint = https://{{ .user.cloudflareR2AccountId }}.r2.cloudflarestorage.com
|
||||
endpoint = https://{{ .user.CLOUDFLARE_R2_ACCOUNT_ID }}.r2.cloudflarestorage.com
|
||||
acl = private
|
||||
# MEGABYTE LABS MANAGED r2-user
|
||||
EOT
|
||||
)
|
||||
|
||||
# Consider https://github.com/dustinsand/blockinfile
|
||||
if cat $HOME/.config/rclone/rclone.conf | grep '[r2-user]'; then
|
||||
# TODO: Remove old block
|
||||
fi
|
||||
|
||||
# TODO:
|
||||
#tee -a
|
||||
{{- end -}}
|
||||
{{- end }}
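Review bot: The old-block removal cannot work as written: `"$START_LINE,$END_LINEd"` expands the unset variable `END_LINEd`, so sed receives an incomplete address, and both line numbers are looked up in `.zshrc` rather than in `$CONFIG_FILE`. Because both greps use `-m 1` they would also return the same (first) marker line, leaving the body of the old `[r2-user]` block, including its previous keys, in place while `tee -a` appends a fresh copy. Proposed: take the end from the last marker, `END_LINE="$(grep -n '# MEGABYTE LABS MANAGED r2-user' "$CONFIG_FILE" | tail -n 1 | cut -f1 -d ':')"`, point the `START_LINE` grep at `"$CONFIG_FILE"` as well, and brace the expression as `"${START_LINE},${END_LINE}d"` in both the `gsed` and `sed` branches. The page does not mark which lines are old and which are new, so this assumes the `CONFIG_FILE` block is the new side.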
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
**/.**
|
||||
**/_**
|
||||
**/*.db
|
||||
**/*.box
|
||||
**/Network Trash Folder**
|
||||
**/node_modules**
|
|
@ -0,0 +1,14 @@
|
|||
[Unit]
|
||||
Description=rclone r2 system service (docker)
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=docker
|
||||
ExecStart=/usr/local/bin/rclone-mount "docker" "docker" "r2-docker"
|
||||
ExecStop=/bin/fusermount -u /mnt/r2-docker
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
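Review bot: `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` in `[Unit]` nothing pulls that target in, so the mount can start before the network is up and rely on `Restart=always` to recover. `WantedBy=default.target` is also unusual for a unit installed under `/etc/systemd/system`; `multi-user.target` is the conventional choice for a system service, so it is worth confirming which was intended. The r2 user unit added in the same commit has the same two lines.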
|
|
@ -0,0 +1,15 @@
|
|||
[Unit]
|
||||
Description=rclone r2 user service ({{ .user.username }})
|
||||
After=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User={{ .user.username }}
|
||||
ExecStartPre=/usr/bin/mkdir /home/{{ .user.username }}/.local/mnt/r2
|
||||
ExecStart=/usr/local/bin/rclone-mount "user" "{{ .user.username }}" "r2"
|
||||
ExecStop=/bin/fusermount -u /home/{{ .user.username }}/.local/mnt/r2
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
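Review bot: `ExecStartPre=/usr/bin/mkdir /home/{{ .user.username }}/.local/mnt/r2` exits non-zero once the directory exists, which fails the start job, so with `Restart=always` the unit would fail on every start after the first. `ExecStartPre=/usr/bin/mkdir -p /home/{{ .user.username }}/.local/mnt/r2` makes it idempotent; the line could also be dropped, since `rclone-mount` in this commit already runs `mkdir -p "$MOUNT_PATH"`.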
|
|
@ -0,0 +1,60 @@
|
|||
#!/usr/bin/env sh
|
||||
|
||||
### Variables
|
||||
TYPE="$1"
|
||||
USER="$2"
|
||||
MOUNT="$3"
|
||||
if [ "$TYPE" = 'user' ]; then
|
||||
CACHE_FOLDER="/home/$USER/.cache/rclone"
|
||||
CONFIG_FOLDER="/home/$USER/.config/rclone"
|
||||
LOG_FOLDER="/home/$USER/.local/log"
|
||||
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
|
||||
MOUNT_PATH="/home/{{ .user.username }}/.local/mnt/$MOUNT"
|
||||
elif [ "$TYPE" = 'docker' ]; then
|
||||
CACHE_FOLDER="/var/cache/rclone/$MOUNT"
|
||||
CONFIG_FOLDER="/etc"
|
||||
LOG_FOLDER="/var/log/rclone"
|
||||
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
|
||||
MOUNT_PATH="/mnt/$MOUNT"
|
||||
else
|
||||
CACHE_FOLDER="/var/cache/rclone"
|
||||
CONFIG_FOLDER="/etc"
|
||||
LOG_FOLDER="/var/log/rclone"
|
||||
LOG_FILE="$LOG_FOLDER/$MOUNT.log"
|
||||
MOUNT_PATH="/mnt/$MOUNT"
|
||||
fi
|
||||
|
||||
### Ensure directories created
|
||||
if [ ! -d "$CACHE_FOLDER" ]; then
|
||||
mkdir -p "$CACHE_FOLDER"
|
||||
fi
|
||||
if [ ! -d "$CONFIG_FOLDER" ]; then
|
||||
mkdir -p "$CONFIG_FOLDER"
|
||||
fi
|
||||
if [ ! -d "$LOG_FOLDER" ]; then
|
||||
mkdir -p "$LOG_FOLDER"
|
||||
fi
|
||||
if [ ! -d "$MOUNT_PATH" ]; then
|
||||
mkdir -p "$MOUNT_PATH"
|
||||
fi
|
||||
|
||||
### Mount
|
||||
/usr/bin/rclone --config="$CONFIG_FOLDER/rclone.conf" \
|
||||
mount \
|
||||
--cache-tmp-upload-path="$CACHE_FOLDER/$MOUNT-upload" \
|
||||
--cache-chunk-path="$CACHE_FOLDER/$MOUNT-chunks" \
|
||||
--cache-workers=8 \
|
||||
--cache-writes \
|
||||
--cache-dir="$CACHE_FOLDER/$MOUNT-vfs" \
|
||||
--cache-db-path="$CACHE_FOLDER/$MOUNT-db" \
|
||||
--log-file="$LOG_FILE" \
|
||||
--no-modtime \
|
||||
--drive-use-trash \
|
||||
--stats=0 \
|
||||
--checkers=16 \
|
||||
--bwlimit=40M \
|
||||
--dir-cache-time=60m \
|
||||
--vfs-cache-mode full \
|
||||
--cache-info-age=60m \
|
||||
--filter-from="$CONFIG_FOLDER/rcloneignore"
|
||||
"$MOUNT":/ "$MOUNT_PATH"
|
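Review bot: The `--filter-from="$CONFIG_FOLDER/rcloneignore"` line has no trailing backslash, so the `rclone mount` command ends there without a remote or mount point and the shell then tries to execute `"$MOUNT":/` as a separate command. It should read `--filter-from="$CONFIG_FOLDER/rcloneignore" \`. In the `user` branch `MOUNT_PATH` uses `{{ .user.username }}` while the sibling paths use `$USER`; going by the file name in the commit title (`executable_rclone-mount`, no `.tmpl` suffix) the placeholder would probably be installed literally, so `MOUNT_PATH="/home/$USER/.local/mnt/$MOUNT"` looks like the intended form. The three positional arguments flow unchecked into `mkdir -p` paths; rejecting an empty or slash-containing `$USER` or `$MOUNT` up front would be a cheap safeguard for a script installed in `/usr/local/bin`.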
1
dotfiles/.local/share/chezmoi/system-linux/var/cache/readonly_rclone/remove_dot_gitkeep
vendored
Normal file
1
dotfiles/.local/share/chezmoi/system-linux/var/cache/readonly_rclone/remove_dot_gitkeep
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# home directories: {{ output ("find" .host.homeParentFolder "-maxdepth" "1" "-type" "d" "|" "xargs" "echo") }}
|
||||
|
||||
find /home -maxdepth 1 -type d | while read HOME_DIR; do
|
||||
USER_FOLDER="$(echo "$HOME_DIR" | sed 's/\/\([^\/]*\)/\1/')"
|
||||
if [ ! -d "/var/log/user/$USER_FOLDER" ] && [ -d "$HOME_DIR/.local/log" ]; then
|
||||
sudo ln -s "$HOME_DIR/.local/log" "/var/log/user/$USER_FOLDER"
|
||||
fi
|
||||
done
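Review bot: The `sed 's/\/\([^\/]*\)/\1/'` expression only removes the first slash, so `/home/alice` becomes `home/alice` and the link would be created at `/var/log/user/home/alice`; `find` also returns `/home` itself as its first result. Proposed: `find /home -mindepth 1 -maxdepth 1 -type d | while IFS= read -r HOME_DIR; do` and `USER_FOLDER="$(basename "$HOME_DIR")"`. Since the link is created with `sudo` and points into a directory the user controls, a comment noting that anything reading `/var/log/user/<name>` with elevated rights is following user-owned content would be worth adding.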
|