From 397b21122e59aa6bbeafd4873d81769433bd6c4f Mon Sep 17 00:00:00 2001 From: Ryan Walters Date: Sun, 26 Oct 2025 18:18:37 -0500 Subject: [PATCH] refactor: migrate private domain to encrypted file and improve configuration - Replace interactive prompt with encrypted domain.txt.age file - Move encryption config to top level in .chezmoi.toml.tmpl - Add platform-specific shell configuration for chezmoi cd command - Remove unused Perl PATH configuration from commonrc - Add commit-staged slash command for git workflow - Enable nushell banner and improve init_pre.ts logging - Clean up deprecated installation scripts (ovpn, gitconfig) - Update hishtory server configuration to use encrypted domain --- home/.chezmoi.toml.tmpl | 13 ++++-- .../scripts/commonrc.sh.tmpl | 11 +---- home/dot_claude/commands/commit-staged.md | 17 ++++++++ home/dot_config/nushell/config.nu.tmpl | 2 +- home/encrypted_domain.txt.age | 7 +++ home/hooks/.init_pre.ts | 10 +++-- home/run_install_ovpn_config.sh.tmpl | 43 ------------------- home/run_onchange_gitconfig.sh.tmpl | 6 --- home/run_onchange_install-packages.sh.tmpl | 2 +- 9 files changed, 43 insertions(+), 68 deletions(-) create mode 100644 home/dot_claude/commands/commit-staged.md create mode 100644 home/encrypted_domain.txt.age delete mode 100644 home/run_install_ovpn_config.sh.tmpl delete mode 100644 home/run_onchange_gitconfig.sh.tmpl diff --git a/home/.chezmoi.toml.tmpl b/home/.chezmoi.toml.tmpl index 460dd6e..e33c5a2 100644 --- a/home/.chezmoi.toml.tmpl +++ b/home/.chezmoi.toml.tmpl @@ -33,7 +33,7 @@ {{- $wsl = (.chezmoi.kernel.osrelease | lower | contains "microsoft") -}} {{- end -}} -{{ $privateDomain := promptStringOnce . "privateDomain" "What is the private domain" }} +encryption = "age" [merge] command = "bash" @@ -43,7 +43,6 @@ args = [ ] [data] - privateDomain = {{ $privateDomain | quote }} chassis = {{ $chassisType | quote }} wsl = {{ $wsl }} 
@@ -58,8 +57,6 @@ args = [ identity = "{{ .chezmoi.homeDir }}/key.txt" recipient = "age1s3ctpj9lafl6qwyvd89sn448us7gdzd53d8yyhsc7zny78c0k4sqerrkze" -encryption = "age" - [doppler] project = "dotfiles" config = "production" @@ -70,3 +67,11 @@ encryption = "age" [hooks.update.pre] command = "bun" args = ["{{ .chezmoi.sourceDir }}/hooks/.update_pre.ts"] + +{{ if eq .chezmoi.os "windows" }} +[cd] + command = "nu" +{{ else }} +[cd] + command = "bash" +{{ end }} \ No newline at end of file diff --git a/home/.chezmoitemplates/scripts/commonrc.sh.tmpl b/home/.chezmoitemplates/scripts/commonrc.sh.tmpl index bb29809..55060e0 100644 --- a/home/.chezmoitemplates/scripts/commonrc.sh.tmpl +++ b/home/.chezmoitemplates/scripts/commonrc.sh.tmpl @@ -11,7 +11,7 @@ export TERM=xterm-256color # fixes terminal colors when ssh'ing into laptop export OPENAI_API_KEY="{{ dopplerProjectJson.OPENAI_CHATGPT_CLI }}" # hishtory -export HISHTORY_SERVER="https://hsh.{{ .data.privateDomain }}" +export HISHTORY_SERVER="https://hsh.{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt }}" export PATH="$PATH:$HOME/.hishtory" {{ if eq .shell "zsh" -}} source $HOME/.hishtory/config.zsh @@ -83,15 +83,6 @@ case ":$PATH:" in *) export PATH="$PNPM_HOME:$PATH" ;; esac -# perl -if [ -d "$HOME/perl5" ]; then - PATH="$HOME/perl5/bin${PATH:+:${PATH}}"; export PATH; - PERL5LIB="$HOME/perl5/lib/perl5${PERL5LIB:+:${PERL5LIB}}"; export PERL5LIB; - PERL_LOCAL_LIB_ROOT="$HOME/perl5${PERL_LOCAL_LIB_ROOT:+:${PERL_LOCAL_LIB_ROOT}}"; export PERL_LOCAL_LIB_ROOT; - PERL_MB_OPT="--install_base \"$HOME/perl5\""; export PERL_MB_OPT; - PERL_MM_OPT="INSTALL_BASE=$HOME/perl5"; export PERL_MM_OPT; -fi - # spicetify if [ -d "$HOME/.spicetify" ]; then export PATH=$PATH:$HOME/.spicetify diff --git a/home/dot_claude/commands/commit-staged.md b/home/dot_claude/commands/commit-staged.md new file mode 100644 index 0000000..aebdaeb --- /dev/null +++ b/home/dot_claude/commands/commit-staged.md 
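Review bot: The `[cd]` block added at the end of `.chezmoi.toml.tmpl` repeats the table header in both template branches, and its `{{ if }}`/`{{ else }}`/`{{ end }}` actions do not trim whitespace, so the rendered config gains stray blank lines and the file now ends without a newline. A single table with the condition on the value is easier to read: `[cd]` followed by `command = {{ if eq .chezmoi.os "windows" }}"nu"{{ else }}"bash"{{ end }}`. The non-Windows branch hard-codes `bash`, although other templates in this patch branch on `.shell`, so it is worth confirming that this is intended.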
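Review bot: The new `HISHTORY_SERVER` line reads `.domain.age` from the source directory, but the only ciphertext this patch adds is `home/encrypted_domain.txt.age`, so unless a `.domain.age` exists outside this patch the `include` will fail when the template is rendered. The same expression is used in the `run_onchange_install-packages.sh.tmpl` hunk. The `encrypted_` prefix also makes chezmoi manage the file as a target, which would presumably write the decrypted domain to `~/domain.txt`; a dot-prefixed source file that chezmoi ignores avoids that plaintext copy. If the plaintext was encrypted with a trailing newline, the newline will land inside the quoted URL, so consider `{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt | trim }}` once the file name is settled.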
@@ -0,0 +1,17 @@ +--- +allowed-tools: Bash(git status:*), Bash(git diff:*), Bash(git log:*), Bash(git commit:*) +description: Create a git commit (staged files only) +--- + +## Context + +- Current git status: !`git status` +- Current git diff (staged changes only): !`git diff --cached` +- Current branch: !`git branch --show-current` +- Recent commits: !`git log --oneline -10` + +## Your task + +Based on the above staged changes, create a single git commit. + +You have the capability to call multiple tools in a single response. Create the commit using a single message. Do not stage any additional files. Do not use any other tools or do anything else. Do not send any other text or messages besides these tool calls. diff --git a/home/dot_config/nushell/config.nu.tmpl b/home/dot_config/nushell/config.nu.tmpl index c278fc5..5393b6e 100644 --- a/home/dot_config/nushell/config.nu.tmpl +++ b/home/dot_config/nushell/config.nu.tmpl @@ -148,7 +148,7 @@ let light_theme = { # The default config record. This is where much of your global configuration is setup. $env.config = { - show_banner: false # true or false to enable or disable the welcome banner at startup + show_banner: true # true or false to enable or disable the welcome banner at startup ls: { use_ls_colors: true # use the LS_COLORS environment variable to colorize output diff --git a/home/encrypted_domain.txt.age b/home/encrypted_domain.txt.age new file mode 100644 index 0000000..2401b99 --- /dev/null +++ b/home/encrypted_domain.txt.age @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRkRzdi9vOXZDNkJHcXIr +czB2SzhxdWhsSy9zbCs5L2txNXRpYm0waUVjCnRha0VmblBsTW40c1BUWmp4TGxk +eGJXSFhxNDlZeTBLbUYzRTBwenlrMUUKLS0tIEJjNm1ZYzBTelhkTzB4ZnhMWHg2 +SGtJUGZoaitZMTZYbHMzZ0pRRFk0K2MKF/zTT3k3qDpyc48t7VImOtWKnhWkjUKh +xLoFy9B+8X/ivtWpDJX1DFKym0YhYA== +-----END AGE ENCRYPTED FILE----- diff --git a/home/hooks/.init_pre.ts b/home/hooks/.init_pre.ts index 1013e01..91ba27a 100755 
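Review bot: The `allowed-tools` entry `Bash(git commit:*)` in `commit-staged.md` is broader than the task text, because it also matches `git commit -a`, `--amend` and `--no-verify`. The instruction "Do not stage any additional files" is therefore enforced only by the prompt, not by the permission. A narrower pattern such as `Bash(git commit -m:*)` would be worth trying, provided the command runner matches on that prefix. The context section also runs `git branch --show-current`, which none of the listed patterns appears to cover; if that call is blocked at run time, add `Bash(git branch:*)` to the list.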
--- a/home/hooks/.init_pre.ts +++ b/home/hooks/.init_pre.ts @@ -1,15 +1,19 @@ #!/usr/bin/env bun -console.log("init_pre.ts"); import { exists } from "node:fs/promises"; import { join } from "node:path"; import { homedir } from "node:os"; import { $ } from "bun"; +// Type-safe wrapper around console.log that prepends [init_pre] +const log = (...args: any[]): void => { + console.log("[init_pre]", ...args); +}; + const filePath = join(homedir(), "key.txt"); if (await exists(filePath)) { - console.log("key.txt already exists"); + log("key.txt already exists"); process.exit(0); } @@ -24,4 +28,4 @@ if (result.exitCode !== 0) { // Write the secret to a file await Bun.write(filePath, result.stdout); -console.log("key.txt bootstrapped"); +log("key.txt bootstrapped"); diff --git a/home/run_install_ovpn_config.sh.tmpl b/home/run_install_ovpn_config.sh.tmpl deleted file mode 100644 index f68ac21..0000000 --- a/home/run_install_ovpn_config.sh.tmpl +++ /dev/null 
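Review bot: The comment on the new `log` helper in the first hunk calls it type-safe, but `...args: any[]` switches off type checking for every argument. `unknown[]` accepts the same calls without opting out of the checker: `const log = (...args: unknown[]): void => {`. The comment could then simply read `// Prefix every message with [init_pre]`.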
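Review bot: `key.txt` is the age identity referenced by `.chezmoi.toml.tmpl`, and the `Bun.write(filePath, result.stdout)` call kept in the second hunk creates it with the process's default permissions, which under a typical umask leaves it readable by other local users. Restricting the mode when the file is created would close that gap, for example `await Bun.write(filePath, result.stdout, { mode: 0o600 });` if the Bun version in use supports the `mode` option. Otherwise call `chmod(filePath, 0o600)` from `node:fs/promises` directly after the write. The statement that produces `result` starts outside this hunk.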
@@ -1,43 +0,0 @@ -#!/bin/bash -set -eu -{{/* This script pulls down the OpenVPN-Config.ovpn file. It will do so once per week. */ -}} - -FILE=~/.config/ovpn/Local.ovpn -ONE_WEEK=604800 - -function displaytime { - local T=$1 - local D=$((T / 60 / 60 / 24)) - local H=$((T / 60 / 60 % 24)) - local M=$((T / 60 % 60)) - local S=$((T % 60)) - (($D > 0)) && printf '%d days ' $D - (($H > 0)) && printf '%d hours ' $H - (($M > 0)) && printf '%d minutes ' $M - (($D > 0 || $H > 0 || $M > 0)) && printf 'and ' - printf '%d seconds\n' $S -} - -download() { - echo "Downloading OpenVPN-Config.ovpn" - TEMP_FILE=$(mktemp) - if doppler secrets get OPENVPN_CONFIG --plain >> "$TEMP_FILE"; then - mkdir -p "$(dirname "$FILE")" - mv "$TEMP_FILE" "$FILE" - else - echo "Failed to download OpenVPN-Config.ovpn" - fi -} - -# Check if file exists -if [ -f "$FILE" ]; then - FILE_ABSOLUTE=$(realpath "$FILE") - RELATIVE_SECONDS=$(expr $EPOCHSECONDS - $(stat -c %Y -- "$FILE_ABSOLUTE")) - - if ! test "$RELATIVE_SECONDS" -lt $ONE_WEEK; then - echo "File is older than a week, redownloading (last downloaded $(displaytime $RELATIVE_SECONDS) ago)" - download - fi -else - download -fi diff --git a/home/run_onchange_gitconfig.sh.tmpl b/home/run_onchange_gitconfig.sh.tmpl deleted file mode 100644 index f0c66b1..0000000 --- a/home/run_onchange_gitconfig.sh.tmpl +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -# We just need to have access to the Git repository -cd {{ .chezmoi.sourceDir }} -# The path is relative to the .git/config file -git config --local include.path ../.gitconfig diff --git a/home/run_onchange_install-packages.sh.tmpl b/home/run_onchange_install-packages.sh.tmpl index 7e3409f..6df0e12 100644 --- a/home/run_onchange_install-packages.sh.tmpl +++ b/home/run_onchange_install-packages.sh.tmpl 
@@ -48,7 +48,7 @@ fi # Install hishtory if ! type -P hishtory; then echo "chezmoi: Installing hishtory" - export HISHTORY_SERVER="https://hsh.{{ .privateDomain }}" + export HISHTORY_SERVER="https://hsh.{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt }}" export HISHTORY_SKIP_INIT_IMPORT='true' curl https://hishtory.dev/install.py | python3 - --offline --skip-config-modification fi
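Review bot: The install step kept in this hunk pipes `curl https://hishtory.dev/install.py` straight into `python3` with no integrity check, and without `-f` an HTTP error body would be handed to the interpreter as well. Downloading to a temporary file with `curl -fsSL`, comparing its SHA-256 against a value pinned in this repository, and only then running it would make the step fail closed. Template rendering happens before the shell `if` is evaluated, so the `decrypt` on the `HISHTORY_SERVER` line presumably needs the age identity on every apply, even when hishtory is already installed.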