From 785f38b9a54809c0fa03f45a3b63ace63bb40095 Mon Sep 17 00:00:00 2001 From: Andrei Jiroh Halili Date: Wed, 28 Dec 2022 12:56:21 +0800 Subject: [PATCH] feat(global): stage config and scripts to version control Including just one script from ~sircmpwn for signing release source tarballs. Signed-off-by: Andrei Jiroh Halili --- .config/gh/config.yml | 15 ++ .config/glab-cli/aliases.yml | 2 + .config/htop/htoprc | 61 ++++++++ .config/systemd/.gitkeep | 0 .../user/tildeverse-vern-caddy.service | 15 ++ bin/backup-pgp-keys | 139 ++++++++++++++++++ bin/sign-tarball | 8 + 7 files changed, 240 insertions(+) create mode 100644 .config/gh/config.yml create mode 100644 .config/glab-cli/aliases.yml create mode 100644 .config/htop/htoprc create mode 100644 .config/systemd/.gitkeep create mode 100644 .config/systemd/user/tildeverse-vern-caddy.service create mode 100755 bin/backup-pgp-keys create mode 100755 bin/sign-tarball
diff --git a/.config/gh/config.yml b/.config/gh/config.yml
new file mode 100644
index 0000000..f32ba6a
--- /dev/null
+++ b/.config/gh/config.yml
@@ -0,0 +1,15 @@
+# What protocol to use when performing git operations. Supported values: ssh, https
+git_protocol: https
+# What editor gh should run when creating issues, pull requests, etc. If blank, will refer to environment.
+editor:
+# When to interactively prompt. This is a global config that cannot be overridden by hostname. Supported values: enabled, disabled
+prompt: enabled
+# A pager program to send command output to, e.g. "less". Set the value to "cat" to disable the pager.
+pager:
+# Aliases allow you to create nicknames for gh commands
+aliases:
+ co: pr checkout
+# The path to a unix socket through which send HTTP connections. If blank, HTTP traffic will be handled by net/http.DefaultTransport.
+http_unix_socket:
+# What web browser gh should use when opening URLs. If blank, will refer to environment.
+browser:
diff --git a/.config/glab-cli/aliases.yml b/.config/glab-cli/aliases.yml new file mode 100644 index 0000000..0121550 --- /dev/null +++ b/.config/glab-cli/aliases.yml @@ -0,0 +1,2 @@ +ci: pipeline ci +co: mr checkout diff --git a/.config/htop/htoprc b/.config/htop/htoprc new file mode 100644 index 0000000..93fff70 --- /dev/null +++ b/.config/htop/htoprc @@ -0,0 +1,61 @@ +# Beware! This file is rewritten by htop when settings are changed in the interface. +# The parser is also very primitive, and not human-friendly. +htop_version=3.2.1 +config_reader_min_version=3 +fields=0 48 17 18 38 39 40 2 46 47 49 1 +hide_kernel_threads=1 +hide_userland_threads=0 +shadow_other_users=0 +show_thread_names=0 +show_program_path=1 +highlight_base_name=0 +highlight_deleted_exe=1 +highlight_megabytes=1 +highlight_threads=1 +highlight_changes=0 +highlight_changes_delay_secs=5 +find_comm_in_cmdline=1 +strip_exe_from_cmdline=1 +show_merged_command=0 +header_margin=1 +screen_tabs=1 +detailed_cpu_time=0 +cpu_count_from_one=0 +show_cpu_usage=1 +show_cpu_frequency=0 +show_cpu_temperature=0 +degree_fahrenheit=0 +update_process_names=0 +account_guest_in_cpu_meter=0 +color_scheme=0 +enable_mouse=1 +delay=15 +hide_function_bar=0 +header_layout=two_50_50 +column_meters_0=AllCPUs Memory Swap +column_meter_modes_0=1 1 1 +column_meters_1=Tasks LoadAverage Uptime +column_meter_modes_1=2 2 2 +tree_view=1 +sort_key=46 +tree_sort_key=0 +sort_direction=-1 +tree_sort_direction=1 +tree_view_always_by_pid=0 +all_branches_collapsed=0 +screen:Main=PID USER PRIORITY NICE M_VIRT M_RESIDENT M_SHARE STATE PERCENT_CPU PERCENT_MEM TIME Command +.sort_key=PERCENT_CPU +.tree_sort_key=PID +.tree_view=1 +.tree_view_always_by_pid=0 +.sort_direction=-1 +.tree_sort_direction=1 +.all_branches_collapsed=0 +screen:I/O=PID USER IO_PRIORITY IO_RATE IO_READ_RATE IO_WRITE_RATE +.sort_key=IO_RATE +.tree_sort_key=PID +.tree_view=0 +.tree_view_always_by_pid=0 +.sort_direction=-1 +.tree_sort_direction=1 +.all_branches_collapsed=0 
diff --git a/.config/systemd/.gitkeep b/.config/systemd/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/.config/systemd/user/tildeverse-vern-caddy.service b/.config/systemd/user/tildeverse-vern-caddy.service
new file mode 100644
index 0000000..e866639
--- /dev/null
+++ b/.config/systemd/user/tildeverse-vern-caddy.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Make proxied services available under *-ajhalili2006.vern.cc via Caddy
+
+[Service]
+WorkingDirectory=/home/ajhalili2006/projects/andreijiroh.dev/tilde
+# in case of power loss and we still need to do this
+#ExecStartPre="/run/current-system/sw/bin/rm -f /home/ajhalili2006/.webserver.sock"
+ExecStart=/run/current-system/sw/bin/bash /home/ajhalili2006/projects/andreijiroh.dev/tilde/start-caddy-tildeserv.sh
+Restart=on-failure
+StartLimitBurst=3
+StartLimitInterval=90
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/bin/backup-pgp-keys b/bin/backup-pgp-keys
new file mode 100755
index 0000000..de19867
--- /dev/null
+++ b/bin/backup-pgp-keys
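Review bot: `WantedBy=multi-user.target` in the `[Install]` section of `tildeverse-vern-caddy.service` will not bring the unit up automatically, because the file lives under `.config/systemd/user/` and the per-user manager has no `multi-user.target`; `WantedBy=default.target` is the usual install target for user units. `StartLimitBurst=3` and `StartLimitInterval=90` sit in `[Service]`, which current systemd appears to accept only for backward compatibility; the documented form is `StartLimitIntervalSec=90` together with `StartLimitBurst=3` under `[Unit]`. Because the unit publishes proxied services under the hostname in `Description=`, a comment above `ExecStart=` saying what `start-caddy-tildeserv.sh` listens on would help a reviewer, since that script is not part of this commit.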
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+
+# a script to generate backups for my GPG keys
+
+# literally all of active keys I use for different purposes
+# https://ajhalili2006.vern.cc/
+DEFAULT_PRIVATE_KEYS="A30EBE40AD856D88 67BFC91B3DA12BE8 940047813E9D641C 120C218ED2291996 7067DB4C7768552F 7E4E0EF8B968A952"
+DEFAULT_PUBLIC_KEYS="A30EBE40AD856D88 67BFC91B3DA12BE8 940047813E9D641C 120C218ED2291996"
+
+# allow anybody to automate this via envvars
+PRIVATE_KEYS="${PRIVATE_KEYS:-"$DEFAULT_PRIVATE_KEYS"}"
+PUBLIC_KEYS="${PUBLIC_KEYS:-"$DEFAULT_PUBLIC_KEYS"}"
+
+# Command snippet taken from OpenKeychain FAQs
+# https://www.openkeychain.org/faq/#what-is-the-best-way-to-transfer-my-own-key-to-openkeychain
+BACKUP_FILE_PASSWORD=$(gpg --armor --gen-random 1 20)
+TIMESTAMP=$(date +%s)
+
+generate_pubkey_bak() {
+ echo "[Stage 1]: Export all public keys per PUBLIC_KEYS to '$EXPORT_DIR/personal-$TIMESTAMP.asc'"
+ echo
+ sleep 3
+
+ if [[ $_arg_secretkeys_only == "true" ]]; then
+ echo "warning: Skipping because --only-secret flag is used"
+ return
+ fi
+
+ for key in $PUBLIC_KEYS; do
+ echo "Exporting keyid $key's public key"
+ if [[ $_arg_dryrun == "true" ]]; then
+ echo "+ gpg --armor --export \"$key\" >> \"$EXPORT_DIR/personal-$TIMESTAMP.asc\""
+ else
+ gpg --armor --export "$key" >> "$EXPORT_DIR/personal-$TIMESTAMP.asc"
+ fi
+ sleep 3
+ done
+}
+
+generate_privkey_bak() {
+ echo "[Stage 2]: Export all private keys per PRIVATE_KEYS to '$EXPORT_DIR/backup-personal-$TIMESTAMP.asc'"
+ echo
+ sleep 3
+
+ if [[ $_arg_pubkeys_only == "true" ]]; then
+ echo "warning: Skipping because --only-public flag is used"
+ return
+ fi
+
+ if [[ $_arg_dryrun == "true" ]]; then
+ for key in $PRIVATE_KEYS; do
+ echo "Exporting keyid $key with private key"
+ echo "+ gpg --armor --export-secret-keys $key >> $EXPORT_DIR/backup-personal-$TIMESTAMP.asc"
+ sleep 5
+ done
+ echo "+ gpg --batch --asymmetric --passphrase \"$BACKUP_FILE_PASSWORD\" --output 
\"$EXPORT_DIR/private-keys-backup-$TIMESTAMP.sec.asc\""
+ return
+ fi
+
+ for key in $PRIVATE_KEYS; do
+ echo "Exporting keyid $key with private key"
+ gpg --armor --export-secret-keys "$key" >> "$EXPORT_DIR/backup-personal-$TIMESTAMP.asc"
+ sleep 5
+ done
+ echo "warning: Use the following passphrase for encrypting the private key backup in case"
+ echo "warning: both --batch and --passphrase flags didn't work in 10 seconds below."
+ echo "warning:"
+ echo "warning: $BACKUP_FILE_PASSWORD"
+ echo "warning:"
+ sleep 10
+ gpg --batch --asymmetric --passphrase "$BACKUP_FILE_PASSWORD" --output "$EXPORT_DIR/private-keys-backup-$TIMESTAMP.sec.asc"
+}
+
+check_export_dir() {
+ echo "[Stage 0]: Check if the \$EXPORT_DIR exists and create if necessary"
+ echo
+ sleep 3
+ # dry-run
+ if [[ $_arg_dryrun == "true" ]]; then
+ echo "+ mkdir $EXPORT_DIR"
+ return
+ fi
+
+ if [[ ! -d "$EXPORT_DIR" ]]; then
+ echo "warning: Directory $EXPORT_DIR doesn't exist, attempting to create dir..."
+ if mkdir "$EXPORT_DIR"; then
+ true
+ else
+ error_code=$?
+ echo "error: Something gone horribly wrong while creating export directory."
+ echo "error: Check the logs, fix perms with chmod/chown/sudo and try again."
+ exit $error_code
+ fi
+ else
+ echo "info: export directory exists, contiuning..."
+ fi
+}
+
+usage() {
+ echo "USAGE: [EXPORT_DIR=\$(pwd)] $0 [--only-public | --only-secret | --dry-run]"
+}
+
+main() {
+ if [[ $DEBUG != "" ]]; then
+ set -x
+ fi
+
+ _arg_pubkeys_only=false
+ _arg_secretkeys_only=false
+ _arg_dryrun=false
+ EXPORT_DIR=${EXPORT_DIR:-"$HOME/.export-toolkit"}
+
+ # arg parser goes here
+ for _arg in "${@}"; do {
+ if test "$_arg" != "--" && [[ "$_arg" == -* ]]; then {
+ case "$_arg" in
+ --help | -h)
+ usage; exit 0
+ ;;
+ --public-keys-only | --pubkeys | --only-public | -p)
+ _arg_pubkeys_only=true
+ ;;
+ --private-keys-only | --secretkeys | --only-secret | -s)
+ _arg_secretkeys_only=true
+ ;;
+ --dryrun | --dry-run | -d)
+ _arg_dryrun=true
+ ;;
+ esac
+ shift;
+ } fi
+ } done
+
+ check_export_dir
+ generate_pubkey_bak
+ generate_privkey_bak
+}
+
+main "$@"
diff --git a/bin/sign-tarball b/bin/sign-tarball
new file mode 100755
index 0000000..1b5c97a
--- /dev/null
+++ b/bin/sign-tarball
@@ -0,0 +1,8 @@
+#!/bin/sh
+project="$(basename $(pwd))"
+version="$(git describe)"
+
+git archive --format=tar.gz --prefix="$project-$version/" "$version" \
+ >"$project-$version.tar.gz"
+gpg --detach-sign "$@" --default-key 940047813E9D641C "$project-$version.tar.gz" \
+ >/tmp/"$project-$version".tar.gz.sig
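Review bot: In `bin/backup-pgp-keys`, the last command of `generate_privkey_bak`, `gpg --batch --asymmetric --passphrase … --output …`, names no input file and uses `--asymmetric`, which does not appear to be a gpg option, so the secret-key export in `backup-personal-$TIMESTAMP.asc` is likely never wrapped and stays in `$EXPORT_DIR` protected only by whatever passphrase each key already carries. The generated passphrase is also exposed on gpg's command line (visible to other accounts on a shared host through the process list), in the `echo "warning: $BACKUP_FILE_PASSWORD"` line, and in the dry-run and `set -x` output. I would pass it on a file descriptor and name the input explicitly, `gpg --batch --pinentry-mode loopback --passphrase-fd 3 --armor --symmetric --output "$EXPORT_DIR/private-keys-backup-$TIMESTAMP.sec.asc" "$EXPORT_DIR/backup-personal-$TIMESTAMP.asc" 3<<<"$BACKUP_FILE_PASSWORD"`, then delete the intermediate export once gpg succeeds. A `umask 077` near the top of the script would keep `mkdir "$EXPORT_DIR"` and the `>>` redirects from creating group- or world-readable files.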
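Review bot: Nothing in `bin/sign-tarball` stops the script after a failed `git describe` or `git archive`, so `gpg --detach-sign` can end up signing an empty or truncated `$project-$version.tar.gz`; adding `set -eu` under the shebang would abort before the signing step. The redirect to `/tmp/"$project-$version".tar.gz.sig` uses a predictable name in a world-writable directory, and as far as I can tell gpg writes a detached signature to `<file>.sig` beside the input rather than to stdout when no `--output` is given, so that `/tmp` file would be empty anyway; `--output "$project-$version.tar.gz.sig"` in place of the redirect states the destination explicitly. `$(basename $(pwd))` should also be written `$(basename "$(pwd)")` so a working directory containing spaces does not split into several arguments.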