refactor: migrate private domain to encrypted file and improve configuration

- Replace interactive prompt with encrypted domain.txt.age file - Move encryption config to top level in .chezmoi.toml.tmpl - Add platform-specific shell configuration for chezmoi cd command - Remove unused Perl PATH configuration from commonrc - Add commit-staged slash command for git workflow - Enable nushell banner and improve init_pre.ts logging - Clean up deprecated installation scripts (ovpn, gitconfig) - Update hishtory server configuration to use encrypted domain
2025-12-05 23:14:46 -06:00 · 2025-10-26 18:18:37 -05:00
parent 02b9236ecf
commit 397b21122e
9 changed files with 43 additions and 68 deletions
--- a/home/.chezmoi.toml.tmpl
+++ b/home/.chezmoi.toml.tmpl
@@ -33,7 +33,7 @@
 {{-   $wsl = (.chezmoi.kernel.osrelease | lower | contains "microsoft") -}}
 {{- end -}}

-{{ $privateDomain := promptStringOnce . "privateDomain" "What is the private domain" }}
+encryption = "age"

 [merge]
 command = "bash"
@@ -43,7 +43,6 @@ args = [
 ]

 [data]
-	privateDomain = {{ $privateDomain | quote }}
 	chassis = {{ $chassisType | quote }}
 	wsl = {{ $wsl }}

@@ -58,8 +57,6 @@ args = [
 	identity = "{{ .chezmoi.homeDir }}/key.txt"
 	recipient = "age1s3ctpj9lafl6qwyvd89sn448us7gdzd53d8yyhsc7zny78c0k4sqerrkze"

-encryption = "age"
-
 [doppler]
 	project = "dotfiles"
 	config = "production"
@@ -70,3 +67,11 @@ encryption = "age"
 [hooks.update.pre]
 	command = "bun"
 	args = ["{{ .chezmoi.sourceDir }}/hooks/.update_pre.ts"]
+
+{{ if eq .chezmoi.os "windows" }}
+[cd]
+	command = "nu"
+{{ else }}
+[cd]
+	command = "bash"
+{{ end }}
--- a/home/.chezmoitemplates/scripts/commonrc.sh.tmpl
+++ b/home/.chezmoitemplates/scripts/commonrc.sh.tmpl
@@ -11,7 +11,7 @@ export TERM=xterm-256color  # fixes terminal colors when ssh'ing into laptop
 export OPENAI_API_KEY="{{ dopplerProjectJson.OPENAI_CHATGPT_CLI }}"

 # hishtory
-export HISHTORY_SERVER="https://hsh.{{ .data.privateDomain }}"
+export HISHTORY_SERVER="https://hsh.{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt }}"
 export PATH="$PATH:$HOME/.hishtory"
 {{ if eq .shell "zsh" -}}
 source $HOME/.hishtory/config.zsh
@@ -83,15 +83,6 @@ case ":$PATH:" in
  *) export PATH="$PNPM_HOME:$PATH" ;;
 esac

-# perl
-if [ -d "$HOME/perl5" ]; then
-    PATH="$HOME/perl5/bin${PATH:+:${PATH}}"; export PATH;
-    PERL5LIB="$HOME/perl5/lib/perl5${PERL5LIB:+:${PERL5LIB}}"; export PERL5LIB;
-    PERL_LOCAL_LIB_ROOT="$HOME/perl5${PERL_LOCAL_LIB_ROOT:+:${PERL_LOCAL_LIB_ROOT}}"; export PERL_LOCAL_LIB_ROOT;
-    PERL_MB_OPT="--install_base \"$HOME/perl5\""; export PERL_MB_OPT;
-    PERL_MM_OPT="INSTALL_BASE=$HOME/perl5"; export PERL_MM_OPT;
-fi
-
 # spicetify
 if [ -d "$HOME/.spicetify" ]; then
    export PATH=$PATH:$HOME/.spicetify
--- a/home/dot_claude/commands/commit-staged.md
+++ b/home/dot_claude/commands/commit-staged.md
@@ -0,0 +1,17 @@
+---
+allowed-tools: Bash(git status:*), Bash(git diff:*), Bash(git log:*), Bash(git commit:*)
+description: Create a git commit (staged files only)
+---
+
+## Context
+
+- Current git status: !`git status`
+- Current git diff (staged changes only): !`git diff --cached`
+- Current branch: !`git branch --show-current`
+- Recent commits: !`git log --oneline -10`
+
+## Your task
+
+Based on the above staged changes, create a single git commit.
+
+You have the capability to call multiple tools in a single response. Create the commit using a single message. Do not stage any additional files. Do not use any other tools or do anything else. Do not send any other text or messages besides these tool calls.
--- a/home/dot_config/nushell/config.nu.tmpl
+++ b/home/dot_config/nushell/config.nu.tmpl
@@ -148,7 +148,7 @@ let light_theme = {

 # The default config record. This is where much of your global configuration is setup.
 $env.config = {
-    show_banner: false # true or false to enable or disable the welcome banner at startup
+    show_banner: true # true or false to enable or disable the welcome banner at startup

    ls: {
        use_ls_colors: true # use the LS_COLORS environment variable to colorize output
--- a/home/encrypted_domain.txt.age
+++ b/home/encrypted_domain.txt.age
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRkRzdi9vOXZDNkJHcXIr
+czB2SzhxdWhsSy9zbCs5L2txNXRpYm0waUVjCnRha0VmblBsTW40c1BUWmp4TGxk
+eGJXSFhxNDlZeTBLbUYzRTBwenlrMUUKLS0tIEJjNm1ZYzBTelhkTzB4ZnhMWHg2
+SGtJUGZoaitZMTZYbHMzZ0pRRFk0K2MKF/zTT3k3qDpyc48t7VImOtWKnhWkjUKh
+xLoFy9B+8X/ivtWpDJX1DFKym0YhYA==
+-----END AGE ENCRYPTED FILE-----
--- a/home/hooks/.init_pre.ts
+++ b/home/hooks/.init_pre.ts
@@ -1,15 +1,19 @@
 #!/usr/bin/env bun
-console.log("init_pre.ts");

 import { exists } from "node:fs/promises";
 import { join } from "node:path";
 import { homedir } from "node:os";
 import { $ } from "bun";

+// Type-safe wrapper around console.log that prepends [init_pre]
+const log = (...args: any[]): void => {
+  console.log("[init_pre]", ...args);
+};
+
 const filePath = join(homedir(), "key.txt");

 if (await exists(filePath)) {
-  console.log("key.txt already exists");
+  log("key.txt already exists");
  process.exit(0);
 }

@@ -24,4 +28,4 @@ if (result.exitCode !== 0) {

 // Write the secret to a file
 await Bun.write(filePath, result.stdout);
-console.log("key.txt bootstrapped");
+log("key.txt bootstrapped");
--- a/home/run_install_ovpn_config.sh.tmpl
+++ b/home/run_install_ovpn_config.sh.tmpl
@@ -1,43 +0,0 @@
-#!/bin/bash
-set -eu
-{{/* This script pulls down the OpenVPN-Config.ovpn file. It will do so once per week. */ -}}
-
-FILE=~/.config/ovpn/Local.ovpn
-ONE_WEEK=604800
-
-function displaytime {
-    local T=$1
-    local D=$((T / 60 / 60 / 24))
-    local H=$((T / 60 / 60 % 24))
-    local M=$((T / 60 % 60))
-    local S=$((T % 60))
-    (($D > 0)) && printf '%d days ' $D
-    (($H > 0)) && printf '%d hours ' $H
-    (($M > 0)) && printf '%d minutes ' $M
-    (($D > 0 || $H > 0 || $M > 0)) && printf 'and '
-    printf '%d seconds\n' $S
-}
-
-download() {
-    echo "Downloading OpenVPN-Config.ovpn"
-    TEMP_FILE=$(mktemp)
-    if doppler secrets get OPENVPN_CONFIG --plain >> "$TEMP_FILE"; then
-        mkdir -p "$(dirname "$FILE")"
-        mv "$TEMP_FILE" "$FILE"
-    else
-        echo "Failed to download OpenVPN-Config.ovpn"
-    fi
-}
-
-# Check if file exists
-if [ -f "$FILE" ]; then
-    FILE_ABSOLUTE=$(realpath "$FILE")
-    RELATIVE_SECONDS=$(expr $EPOCHSECONDS - $(stat -c %Y -- "$FILE_ABSOLUTE"))
-
-    if ! test "$RELATIVE_SECONDS" -lt $ONE_WEEK; then
-        echo "File is older than a week, redownloading (last downloaded $(displaytime $RELATIVE_SECONDS) ago)"
-        download
-    fi
-else
-    download
-fi
--- a/home/run_onchange_gitconfig.sh.tmpl
+++ b/home/run_onchange_gitconfig.sh.tmpl
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-# We just need to have access to the Git repository
-cd {{ .chezmoi.sourceDir }}
-# The path is relative to the .git/config file
-git config --local include.path ../.gitconfig
--- a/home/run_onchange_install-packages.sh.tmpl
+++ b/home/run_onchange_install-packages.sh.tmpl
@@ -48,7 +48,7 @@ fi
 # Install hishtory
 if ! type -P hishtory; then
    echo "chezmoi: Installing hishtory"
-    export HISHTORY_SERVER="https://hsh.{{ .privateDomain }}"
+    export HISHTORY_SERVER="https://hsh.{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt }}"
    export HISHTORY_SKIP_INIT_IMPORT='true'
    curl https://hishtory.dev/install.py | python3 - --offline --skip-config-modification
 fi