3dd502ccfb1f4f45cad91362a0f111555bbad078
[config] / bookworm / setup_scripts / setup_home.sh
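#!/bin/sh
# Set up a fresh home directory: copy the public home files, pull secrets
# from a passphrase-protected removable drive, then configure SSH, GPG, borg
# and mail.
#
# Usage: ./setup_home.sh SYSTEM_NAME
#
# expect_n_args, get_system_name_arg, setup_scripts_dir, config_tree_prefix,
# system_name and debian_version are not defined in this file; presumably
# they come from misc.sh (not visible here -- confirm).
set -e
. ./misc.sh

expect_n_args 1 "(system name)" "$@"
get_system_name_arg "$1"

cd "${setup_scripts_dir}"
./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"

secrets_dev="sdb"
source_dir_secrets="/media/${secrets_dev}/to_usb"
target_dir_secrets="${HOME}/tmp_secrets"

# Runs on every exit path. Under `set -e` any failing step below would
# otherwise leave the terminal with echo disabled and the plaintext copy of
# the secrets (SSH key, GPG secret keys, borg keyfiles) lying in $HOME.
cleanup() {
    stty echo 2>/dev/null || true
    unset SECRETS_PASS
    rm -rf -- "${target_dir_secrets:?}"
}
trap cleanup EXIT
# POSIX sh does not run the EXIT trap on a signal unless the signal handler
# exits explicitly.
trap 'exit 1' HUP INT TERM

# NOTE(review): whatever block device shows up as /dev/${secrets_dev} is
# accepted as the secrets drive; nothing here checks that it is the expected
# one.
echo "Put secrets drive into slot for /dev/${secrets_dev}."
while [ ! -e /dev/"${secrets_dev}" ]; do
    sleep 1
done
stty -echo
printf "Secrets passphrase: "
# IFS= and -r keep leading/trailing blanks and backslashes in the passphrase
# intact; a plain `read` would silently alter them.
IFS= read -r SECRETS_PASS
stty echo
echo "" # newline so user knows their input return was accepted
sudo -v
# printf instead of echo: some sh implementations expand backslash escapes
# in echo arguments, which would corrupt the passphrase. Both are builtins,
# so the passphrase stays out of the process list either way.
printf '%s\n' "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
# Start from a clean target: if a stale copy exists, `cp -a` would nest the
# new copy inside it instead of replacing it.
rm -rf -- "${target_dir_secrets:?}"
cp -a "${source_dir_secrets}" "${target_dir_secrets}"
# `cp -a` preserves the modes found on the drive; strip group/other access so
# the working copy is private regardless of how the drive was written.
chmod -R go-rwx "${target_dir_secrets}"
sudo chown -R plom:plom "${target_dir_secrets}"
sudo pumount "${secrets_dev}"
echo "You can remove /dev/${secrets_dev} now."

# Set up initial non-public parts of infrastructure: SSH authentication.
ssh_dir=~/.ssh
cd "${target_dir_secrets}"
mkdir -p "${ssh_dir}"
chmod 700 "${ssh_dir}"
echo "Setting up .ssh"
cp id_rsa "${ssh_dir}"
# The private key must not be readable by group/other.
chmod 600 "${ssh_dir}/id_rsa"
stty -echo
ssh-keygen -y -f "${ssh_dir}/id_rsa" > "${ssh_dir}/id_rsa.pub"
stty echo
eval "$(ssh-agent)"
ssh-add
# NOTE(review): ssh-keyscan records whatever host key the network returns;
# nothing authenticates it, so a man-in-the-middle during setup would be
# trusted from then on. Consider shipping the expected known_hosts entry on
# the secrets drive, or comparing the scanned fingerprint against a
# known-good value before appending.
ssh-keyscan -H "plomlompom.com" >> "${ssh_dir}/known_hosts"

# Fill ~/public_repos.
public_repos_dir="${HOME}/public_repos"
repos_list_file="${public_repos_dir}/repos"
mkdir -p "${public_repos_dir}"
while read -r line; do
    # Skip blank lines and comment lines.
    case "${line}" in
        '' | '#'*) continue ;;
    esac
    repo_name="${line}"
    if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
        # Subshell keeps the working directory of the main script unchanged;
        # stdin is detached so the clone cannot consume the repo list.
        (
            cd "${public_repos_dir}"
            git clone "plom@plomlompom.com:/var/repos/${repo_name}" < /dev/null
        )
    fi
done < "${repos_list_file}"

# Remove redundant config repo copy.
config_tree_prefix="${public_repos_dir}/config/${debian_version}"
rm -rf ~/config

# # Set up native messenger for tridactyl.
# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash

# Set up further non-public parts of infrastructure.
cd "${target_dir_secrets}"
# Run gpg under `script`, discarding the typescript to /dev/null.
script -c 'gpg --import secret_keys.asc' /dev/null
# NOTE(review): the double slash is harmless for path resolution, but it may
# mean a path component went missing here -- confirm.
path_borgscript="${config_tree_prefix}//borg.sh"

# borg setup
borgkeys_dir=~/.config/borg/keys
borgrepos_file=~/.borgrepos
tar xf borg_keyfiles.tar
mkdir -p "${borgkeys_dir}"
chmod 700 "${borgkeys_dir}"
mv borg_keyfiles/* "${borgkeys_dir}"
# Sync org dir via borgbackup. For this we need the borgbackup servers
# in our .ssh/known_hosts file.
# NOTE(review): these host keys are accepted unauthenticated as well; the
# same caveat as for the ssh-keyscan call above applies.
while read -r line; do
    case "${line}" in
        '' | '#'*) continue ;;
    esac
    # Everything after the last "@" is taken as the server name.
    server="${line##*@}"
    ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
done < "${borgrepos_file}"
BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
# Last use of the passphrase; drop it from the shell's memory.
unset SECRETS_PASS

# .authinfo may not be present on every secrets drive yet
authinfo_file=.authinfo
if [ -f "${authinfo_file}" ]; then
    cp "${authinfo_file}" ~
    # Credentials file: owner-only access.
    chmod 600 "${HOME}/${authinfo_file}"
fi
cd

# Remove the plaintext working copy of the secrets. The original line
# removed "${dir_secrets}", a name this script never sets, so unless misc.sh
# defines it the copy in ${target_dir_secrets} was left behind. `:?` aborts
# instead of expanding to an empty path.
rm -rf -- "${target_dir_secrets:?}"

maildir=~/mail/maildir
# Set up e-mail system. Note that we only do mbsync if the imap pass file
# is found. It may not be present on every secrets drive yet, so we have to
# deal with the possibility of it being absent at this point.
mkdir -p "${maildir}"  # expected by mbsync/isync
if [ -f "${HOME}/${authinfo_file}" ]; then
    mbsync -a
    notmuch new
fi

# # Final note on how to integrate tridactyl.
# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."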