#! /bin/sed 2,5!d;s/^#.//
# This script must be sourced from within a shell
# and not executed. For instance with:
#
# . ~/.commonfunc
#
# {{@@ header() @@}}
#
# age encryption / decryption helpers
# based on https://git.sr.ht/~digital/secretFiles
if [[ $(command -v age) ]]; then
# get recipients for age file to encrypt with
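ageGetRecipientsList() {
  # Build the `-R <file>` argument list that decides who can decrypt a secret.
  #
  # Arguments: $1 - path of the secret (it does not have to exist yet)
  # Outputs:   one line on stdout, "-R file -R file ...", joined by spaces.
  #
  # The master public key is always included. Starting at the secret and
  # walking up one directory at a time, every "<path>.recipients" file, or
  # every entry inside a "<path>.recipients" directory, is appended.
  #
  # Callers word-split this output, so recipient paths containing whitespace
  # are not supported by the interface.
  local target="${1}"
  local search="${target}"
  local recipients=( "-R" "secrets/hostkeys/masterkey.pubkey" )
  local recip parent here

  here="$(realpath -- "${PWD}")"

  while true; do
    if test -d "${search}.recipients"; then
      # Read `ls` line by line instead of word-splitting it, so an entry is
      # never broken into several bogus recipient paths. A glob is not used
      # because the callers run with `set -f`.
      while IFS= read -r recip; do
        if test -n "${recip}"; then
          recipients+=("-R" "${search}.recipients/${recip}")
        fi
      done < <(ls -- "${search}.recipients")
    elif test -f "${search}.recipients"; then
      recipients+=( "-R" "${search}.recipients")
    fi

    # Normal stop: the walk has reached the current working directory.
    if test "$(realpath -- "${search}")" = "${here}"; then
      break
    fi

    # Safety stop: dirname no longer changes the path ("/" or "."). Without
    # it a target outside the working directory made this loop spin forever.
    parent="$(dirname -- "${search}")"
    if test "${parent}" = "${search}"; then
      break
    fi
    search="${parent}"
  done

  echo "${recipients[@]}"
}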
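age-gen-key() (
  # Generate an age key pair for a host below secrets/hostkeys/.
  #
  # Arguments: $1 - key name; used for <name>.pubkey and <name>.privkey
  #
  # The body runs in a subshell ("( ... )" instead of "{ ... }") so that the
  # strict-mode options stay local to this function. Because this file is
  # sourced, setting them in the calling shell made any failure terminate the
  # interactive session, and the trailing `set +efu +o pipefail` switched off
  # options the caller may have enabled on purpose.
  set -efu -o pipefail

  local keyname="${1}"

  mkdir -p "secrets/hostkeys/"
  echo "generating new keys for host ${keyname}";

  # The private key goes straight from age-keygen into `age -p`, so it is
  # only ever written to disk passphrase-encrypted.
  # NOTE(review): everything age-keygen prints on stderr lands in the .pubkey
  # file, not only the "Public key:" line - check the file after generation.
  age-keygen \
    2> "secrets/hostkeys/${keyname}.pubkey" \
    | age -p --armor -e -o "secrets/hostkeys/${keyname}.privkey"
  sed -i 's/Public key: //' "secrets/hostkeys/${keyname}.pubkey"
)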
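age-import-secret() (
  # Encrypt the data read from stdin and store it as an armored age file.
  #
  # Arguments: $1 - path of the secret file to create
  # Input:     the secret on stdin. It is held in a shell variable, so
  #            trailing newlines are dropped and NUL bytes are not preserved;
  #            this is meant for text secrets.
  #
  # Runs in a subshell so the strict-mode options do not leak into, or on
  # failure terminate, the shell that sourced this file.
  local data
  data=$(</dev/stdin)

  set -euf -o pipefail

  local secret_path="${1}"
  local -a recipients
  # Deliberate word-splitting: ageGetRecipientsList prints "-R file -R file".
  # Assigning separately from `local` keeps its exit status visible to set -e.
  recipients=( $(ageGetRecipientsList "${secret_path}") )

  mkdir -p "$(dirname -- "${secret_path}")"

  # printf with a quoted argument passes the secret through unchanged. The
  # previous unquoted `echo -n ${data}` collapsed runs of whitespace and
  # newlines in bash, which corrupts multi-line secrets. printf is a shell
  # builtin, so the secret does not show up in the process list.
  printf '%s' "${data}" \
    | age "${recipients[@]}" --encrypt --armor --output "${secret_path}"
)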
age-edit-file() {
|
|
|
|
|
set -euf -o pipefail
|
|
|
|
|
local current_umask=$(umask)
|
|
|
|
|
umask 177
|
|
|
|
|
|
|
|
|
|
local secret_path="${1}"
|
|
|
|
|
local tmp_path="$(mktemp -p /dev/shm)"
|
|
|
|
|
local recipients_list=$(ageGetRecipientsList "${secret_path}")
|
|
|
|
|
local identity="${MASTERKEY_FILE:-$([[ -f "$(realpath "secrets/hostkeys/masterkey.privkey")" ]] && echo -n "$(realpath "secrets/hostkeys/masterkey.privkey")" || echo -n "/dev/stdin")}"
|
|
|
|
|
|
|
|
|
|
if test -e "${secret_path}"; then
|
|
|
|
|
set +e +o pipefail
|
|
|
|
|
|
|
|
|
|
age \
|
|
|
|
|
--decrypt \
|
|
|
|
|
--identity "${identity}" \
|
|
|
|
|
--output "${tmp_path}" \
|
|
|
|
|
"${secret_path}" || local decrypt_failed=true
|
|
|
|
|
|
|
|
|
|
set -e -o pipefail
|
|
|
|
|
else
|
|
|
|
|
# if file descriptor 0 is not a terminal, ie if /dev/stdin is a pipe
|
|
|
|
|
if [ ! -t 0 ]; then
|
|
|
|
|
cat "${identity}" > /dev/null
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [[ ! ${decrypt_failed:-} ]]; then
|
|
|
|
|
local mod_time_before=$(stat --format "%Y" "${tmp_path}")
|
|
|
|
|
${EDITOR} "${tmp_path}"
|
|
|
|
|
local mod_time_after=$(stat --format "%Y" "${tmp_path}")
|
|
|
|
|
|
|
|
|
|
if test "${mod_time_before}" != "${mod_time_after}"; then
|
|
|
|
|
echo "change detected, reencrypting file" > /dev/stderr
|
2023-10-15 11:26:52 +00:00
|
|
|
|
age $(sed -e "s/^\'//" -e "s/\'$//" <<<"${recipients_list[@]}") --encrypt --armor --output "${secret_path}" "${tmp_path}"
|
2023-10-15 10:08:35 +00:00
|
|
|
|
else
|
|
|
|
|
echo "no change detected, not reencrypting file" > /dev/stderr
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
rm "${tmp_path}"
|
|
|
|
|
|
|
|
|
|
umask ${current_umask}
|
|
|
|
|
set +efu +o pipefail
|
|
|
|
|
}
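age-reencrypt-all() (
  # Re-encrypt every armored age file below secrets/ (except
  # secrets/hostkeys/) for the recipients that currently apply to it.
  #
  # Arguments: $1 - identity file used for decryption (default: /dev/stdin)
  # Returns:   2 as soon as one file cannot be decrypted; files handled
  #            before that point have already been rewritten.
  #
  # Runs in a subshell: strict mode, the umask and the EXIT trap stay local,
  # and a failure no longer terminates the shell that sourced this file.
  set -euf -o pipefail
  umask 177

  local identity="${1:-/dev/stdin}"
  local identity_file plain_file line
  local -a recipients

  # mktemp without -u creates the file atomically with mode 0600. The former
  # `mktemp -u` only printed a name, so the private key was then written to a
  # path in world-writable /dev/shm that somebody else could have created
  # first.
  identity_file="$(mktemp -p /dev/shm)"
  trap 'rm -f -- "${identity_file}"' EXIT
  plain_file="$(mktemp -p /dev/shm)"
  # The copied identity and the decrypted data are removed on every exit
  # path, including the abort below.
  trap 'rm -f -- "${identity_file}" "${plain_file}"' EXIT

  # make the identity file reuseable, in case it actually is /dev/stdin
  cat "${identity}" > "${identity_file}"

  while IFS= read -r line; do
    if ! grep -q "^-----BEGIN AGE ENCRYPTED FILE-----$" "${line}"; then
      echo "skipping unecrypted file '${line}'"
      continue
    fi

    # Deliberate word-splitting: the helper prints "-R file -R file ...".
    recipients=( $(ageGetRecipientsList "${line}") )
    echo "reencrypting '${line}' for recipients ${recipients[*]}"

    # Decrypt into a file and test age's own exit status. The old
    # `local content="$(age ...)" || { ... }` always saw the status of
    # `local` (0), so a failed decryption went unnoticed and the secret was
    # overwritten with the encryption of an empty string. Going through a
    # file also keeps the content byte-for-byte.
    age --decrypt \
      --identity "${identity_file}" \
      --output "${plain_file}" \
      "${line}" || {
      echo "ERROR: failed decryption of '${line}'" > /dev/stderr
      echo "aborting and leaving secrets store in an inconsistent state" > /dev/stderr
      exit 2
    }

    age "${recipients[@]}" \
      --encrypt \
      --armor \
      --output "${line}" \
      "${plain_file}"
  done < <(find "secrets" -type f -not -name "*\.recipients" \
    | grep -v "^secrets/hostkeys/")

  echo "SUCCESS" > /dev/stderr
)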
fi
# eza - set aliases so that eza can be used as an ls replacement
if [[ $(command -v eza) ]]; then
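ezafunc() {
  # Run eza with the common long-listing options; every argument is passed
  # on unchanged. "$@" keeps arguments that contain spaces intact, which the
  # former unquoted ${@:-} did not do in bash.
  eza -l -F -g -h --git --group-directories-first --icons "$@"
}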
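lfunc() {
  # Tree listing. The first argument is consumed by -L (the depth); any
  # further arguments are passed on. "$@" keeps paths with spaces intact.
  ezafunc -T -L "$@"
}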
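lafunc() {
  # Tree listing including hidden entries (-a). The first argument is
  # consumed by -L (the depth). "$@" keeps paths with spaces intact.
  ezafunc -a -T -L "$@"
}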
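lefunc() {
  # Tree listing including hidden entries, with --extended appended after the
  # caller's arguments. The first argument is consumed by -L (the depth).
  # "$@" keeps paths with spaces intact.
  ezafunc -a -T -L "$@" --extended
}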
# Short names for the listing helpers: the single-letter forms use tree
# depth 1, the "ll" forms depth 2.
alias \
  l='lfunc 1' \
  la='lafunc 1' \
  le='lefunc 1' \
  ll='lfunc 2' \
  lla='lafunc 2' \
  lle='lefunc 2'
fi
# wttr - show the weather forecast in Terminal
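wttr() {
  # Show the wttr.in weather forecast in the terminal.
  #
  # Arguments: $1 - optional location, or "help" for the usage text
  #
  # The request goes over HTTPS: with plain HTTP the queried location is
  # readable on the network path, and the response, which is printed to the
  # terminal as received, could be altered in transit.
  # The location is passed to curl as a single quoted argument, so a value
  # containing spaces is no longer split into several separate URLs.
  local location="${1:-}"

  if [[ -z "${location}" ]]; then
    curl "https://wttr.in"
  elif [[ "${location}" == "help" ]]; then
    # Quoted delimiter: the help text is printed literally.
    cat << 'EOF'
usage: wttr (City|3-letter airport code|'~Special+Location')
City:
Just write down the name of the city.
e.G.:
wttr London
3-letter airport code:
Use 3-letter airport codes in order to get the weather information at a certain airport.
e.G.:
wttr muc #for Munich Internation Airpot, Germany
Special Location:
Let's say you'd like to get the weather for a geographical location other than a town or city -
maybe an attraction in a city, a mountain name, or some special location.
Add the character '~' before the name to look up that special location name before the weather is then retrieved.
e.G.:
wttr '~Eiffel+Tower'
wttr '~Kilimanjaro'
EOF
  else
    curl "https://wttr.in/${location}"
  fi
}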
{%@@ if profile == 'WVDEWOBMC001307' @@%}
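macnst (){
  # List listening sockets with protocol, local address, pid and process
  # name, coloured and aligned into columns.
  #
  # Field 9 of the netstat output is treated as the pid, as the original
  # one-liner did. NOTE(review): the column layout depends on the platform's
  # netstat; confirm that $9 is the pid on the target system.
  #
  # Per line: procname is reset first, so a listener whose ps lookup returns
  # nothing no longer shows the previous line's process name. The ps command
  # is closed after reading, and it is only run when the pid field is purely
  # numeric, because that field is pasted into a shell command.
  netstat -Watnlv \
    | awk '
        /LISTEN/ {
          procname = ""
          if ($9 ~ /^[0-9]+$/) {
            cmd = "ps -o comm= -p " $9
            cmd | getline procname
            close(cmd)
          }
          colred = "\033[01;31m"
          colclr = "\033[0m"
          print colred "proto: " colclr $1 colred " | addr.port: " colclr $4 colred " | pid: " colclr $9 colred " | name: " colclr procname
        }' \
    | column -t -s "|"
}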
function setProxyEnv(){
  # Export the proxy settings for the local proxy on 127.0.0.1:9000 into the
  # current shell, in both upper- and lower-case spelling, and route git's
  # SSH transport through the same proxy with corkscrew.
  local proxy_addr='127.0.0.1:9000'
  local bypass_hosts="127.0.0.1,localhost,vw.vwg"
  local hl='\033[36;1m'
  local rst='\033[0;0m'

  # Hosts that are reached directly, without the proxy.
  export NO_PROXY="${bypass_hosts}" no_proxy="${bypass_hosts}"

  # HTTP and HTTPS use the same proxy endpoint.
  export HTTP_PROXY="${proxy_addr}" HTTPS_PROXY="${proxy_addr}"
  export http_proxy="${proxy_addr}" https_proxy="${proxy_addr}"

  export GIT_SSH_COMMAND='ssh -o ProxyCommand="/opt/homebrew/bin/corkscrew localhost 9000 %h %p"'

  echo -e "\n✈️ exported zscaler proxy: ${hl}http://${proxy_addr}${rst}"
}
function unsetProxyEnv(){
  # Remove the proxy variables and the git SSH override from the current
  # shell again.
  unset NO_PROXY HTTP_PROXY HTTPS_PROXY \
    no_proxy http_proxy https_proxy \
    GIT_SSH_COMMAND

  echo -e "\n🔄 removed zscaler proxy cofiguration"
}
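function setVpnGitRemote(){
  # Add a second git remote that reaches the repository of "origin" through
  # ssh://git@vpn.github.com:443/.
  #
  # Returns: 1 when origin is not a git@github.com: URL; 0 otherwise.
  local ORIGIN=vpn #e.g.
  local HIGHLIGHT='\033[36;1m'
  local RESET='\033[0;0m'
  local origin_url repo

  # Read the URL into a variable first. The nested form ${$(...)#pattern} is
  # zsh-only and fails with "bad substitution" in bash.
  origin_url="$(git config remote.origin.url)"

  # Without this check any other URL form would be pasted unchanged behind
  # the ssh:// prefix and registered as a remote.
  if [[ "${origin_url}" != *git@github.com:* ]]; then
    echo "origin is not a git@github.com: remote: '${origin_url}'" >&2
    return 1
  fi

  repo="ssh://git@vpn.github.com:443/${origin_url#*git@github.com:}"
  # stderr is discarded so that a second call, when the remote already
  # exists, stays quiet.
  git remote add "${ORIGIN}" "${repo}" 2> /dev/null

  echo -e "🔗 git remote (${HIGHLIGHT}${ORIGIN}${RESET}): ${HIGHLIGHT}${repo}${RESET}\n"
}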
{%@@ endif @@%}