refactor: migrate private domain and R2 credentials to Doppler

Migrate hardcoded encrypted files to centralized secret management: - Replace encrypted domain file with Doppler variable PRIVATE_DOMAIN - Remove encrypted R2 FUSE script and s3fs password files - Update hishtory server configuration in commonrc.sh and install script - Clean up .chezmoiignore for removed encrypted files This consolidates secret management into Doppler, reducing the number of encrypted files in the repository while maintaining security.
2025-12-06 01:14:48 -06:00 · 2025-10-26 19:29:48 -05:00
parent 397b21122e
commit 4f0b832564
6 changed files with 2 additions and 35 deletions
--- a/home/.chezmoiignore
+++ b/home/.chezmoiignore
@@ -25,7 +25,6 @@ tool-versions
 .profile
 .bash_aliases
 key.txt
 .passwd-s3fs.age
 .tmux.conf
 # Linux-only config directories
--- a/home/.chezmoitemplates/scripts/commonrc.sh.tmpl
+++ b/home/.chezmoitemplates/scripts/commonrc.sh.tmpl
@@ -11,7 +11,7 @@ export TERM=xterm-256color  # fixes terminal colors when ssh'ing into laptop
 export OPENAI_API_KEY="{{ dopplerProjectJson.OPENAI_CHATGPT_CLI }}"
 # hishtory
-export HISHTORY_SERVER="https://hsh.{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt }}"
+export HISHTORY_SERVER="https://hsh.{{ dopplerProjectJson.PRIVATE_DOMAIN }}"
 export PATH="$PATH:$HOME/.hishtory"
 {{ if eq .shell "zsh" -}}
 source $HOME/.hishtory/config.zsh
--- a/home/dot_scripts/encrypted_executable_r2_fuse.sh.age
+++ b/home/dot_scripts/encrypted_executable_r2_fuse.sh.age
@@ -1,16 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3aVFyd1pUOHpodWRhT1Yv
 RUlCYTArQmhoeldId0tsM3BVQTNrcGN4d0hjCldySE1zazkyRWp5T1pMcFFmVTRR
 bVlYbmFXT2xJY3R1VVBubmNaOXF6SEUKLS0tIEtab3M3WDhuWTg0dmdZQzNPUFJy
 L0VTa1VGYzJLMzAyNUtIWndLb3JaZTAKlgkKjqJKpmQl+HFUvKEt56mUJoUSGRtO
 ixZwSV+QuQ1bqZQHuWGQg5NcKz011xoemEnWbwc3sK/2xY1+Dp6B54bsbt8yhbr3
 182DS45TuJrNspSs+65dOvUxGdoJaEIlf5XmyfmyFMu9Lvfcc299HKZrSuDuZRoM
 xjJGwWnmFDsdniOS7yzC1Y15ptUxGllKSC8E+WWNsAcOmKpodTgruRW9sEn0hSIi
 Xor9D1W7W8uoHV3V5WEkTPBBtrTjzwxPjm0MSj9igml1BW22vqt4uDqhWqccJ84X
 FU7KJsmUy6KxKSzeGIesWhlR0tdrMshfZLgXECKTVDr5kMVsyi8PKhlX3XKljna8
 hiE9G3cm6LNpj9QeDxpNQmrilDk76j9TwK8u1CgGxlInjaRASHFP8d7x7JIxlUi4
 59g25VbBVBOeDL9nQcmXssin8gdAcK528aZOKdMTER7tgEqDEeEi4Cc+dzFYMI1X
 s62hLXLCAT7rlJHaaUf6zhoXBdQQka2wFLFKH0j1Y0jGM2pwseGOvHRLVWb8Jzty
 g0Vd42Tn8JqgkmCZlskB/Q3buScO8SuDKYypvIELtB3Rqw7VQwtcVqX/FjRLUYuE
 fXk3Vq5sAY5I6hUH
 -----END AGE ENCRYPTED FILE-----
--- a/home/encrypted_domain.txt.age
+++ b/home/encrypted_domain.txt.age
@@ -1,7 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRkRzdi9vOXZDNkJHcXIr
 czB2SzhxdWhsSy9zbCs5L2txNXRpYm0waUVjCnRha0VmblBsTW40c1BUWmp4TGxk
 eGJXSFhxNDlZeTBLbUYzRTBwenlrMUUKLS0tIEJjNm1ZYzBTelhkTzB4ZnhMWHg2
 SGtJUGZoaitZMTZYbHMzZ0pRRFk0K2MKF/zTT3k3qDpyc48t7VImOtWKnhWkjUKh
 xLoFy9B+8X/ivtWpDJX1DFKym0YhYA==
 -----END AGE ENCRYPTED FILE-----
--- a/home/encrypted_private_dot_passwd-s3fs.age
+++ b/home/encrypted_private_dot_passwd-s3fs.age
@@ -1,9 +0,0 @@
 -----BEGIN AGE ENCRYPTED FILE-----
 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbDd1eVZrc0JTNFhsa0pP
 L1Z5aHlFMDUvMEFWMHh3aVRaMXFEZkNpTXk0CmRLbkEzTEdwQVhiQ1VjUzdMV1Z0
 Snp4enIvK1dLT3ZYMGY2MVRRYjcxN1EKLS0tIFl2ZmRRR1BHdlRaNEJJalByZXZW
 QTdLdVkyZUx5RiszdW0zNUVRTElhbmMKZGlUTMhPLtH6BJjPpcalIXMKJ4k4zBB+
 nUXRyTIEEYtVx9HUtJ2aQLtRAg52LWIF3/6yMeXc8/O/blm6sFQmaQky6R8/Itpv
 KBSSqzdecdYnyNE517APOU9xQISXUVE1wFOUK1ijOcBc1vnXNBhhhHtPEBC0nuQj
 ytwIUYV8dXQSHA==
 -----END AGE ENCRYPTED FILE-----
--- a/home/run_onchange_install-packages.sh.tmpl
+++ b/home/run_onchange_install-packages.sh.tmpl
@@ -48,7 +48,7 @@ fi
 # Install hishtory
 if ! type -P hishtory; then
    echo "chezmoi: Installing hishtory"
-    export HISHTORY_SERVER="https://hsh.{{ joinPath .chezmoi.sourceDir ".domain.age" | include | decrypt }}"
+    export HISHTORY_SERVER="https://hsh.{{ dopplerProjectJson.PRIVATE_DOMAIN }}"
    export HISHTORY_SKIP_INIT_IMPORT='true'
    curl https://hishtory.dev/install.py | python3 - --offline --skip-config-modification
 fi