/
private_private.sh.tmpl
155 lines (121 loc) · 12.7 KB
/
private_private.sh.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
{{- if (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) -}}
#!/usr/bin/env sh
# @file Secrets
# @brief Seperate environment variables file that, when manually sourced, includes secret environment variables
# @description
# This script can be invoked by running `. ~/.config/shell/private.sh` to include secret environment variables
# that are populated by Install Doctor during the provisioning process (if they are provided).
### Ansible
export ANSIBLE_GALAXY_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ANSIBLE_GALAXY_TOKEN")) }}{{ includeTemplate "secrets/ANSIBLE_GALAXY_TOKEN" | decrypt | trim }}{{ else }}{{ env "ANSIBLE_GALAXY_TOKEN" }}{{ end }}"
export ANSIBLE_VAULT_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ANSIBLE_VAULT_PASSWORD")) }}{{ includeTemplate "secrets/ANSIBLE_VAULT_PASSWORD" | decrypt | trim }}{{ else }}{{ env "ANSIBLE_VAULT_PASSWORD" }}{{ end }}"
export AVP="$ANSIBLE_VAULT_PASSWORD"
### Atuin
export ATUIN_EMAIL="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ATUIN_EMAIL")) }}{{ includeTemplate "secrets/ATUIN_EMAIL" | decrypt | trim }}{{ else }}{{ env "ATUIN_EMAIL" }}{{ end }}"
export ATUIN_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ATUIN_PASSWORD")) }}{{ includeTemplate "secrets/ATUIN_PASSWORD" | decrypt | trim }}{{ else }}{{ env "ATUIN_PASSWORD" }}{{ end }}"
export ATUIN_USERNAME="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ATUIN_USERNAME")) }}{{ includeTemplate "secrets/ATUIN_USERNAME" | decrypt | trim }}{{ else }}{{ env "ATUIN_USERNAME" }}{{ end }}"
export ATUIN_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ATUIN_KEY")) }}{{ includeTemplate "secrets/ATUIN_KEY" | decrypt | trim }}{{ else }}{{ env "ATUIN_KEY" }}{{ end }}"
### AWS
export AWS_ACCESS_KEY_ID="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "AWS_ACCESS_KEY_ID")) }}{{ includeTemplate "secrets/AWS_ACCESS_KEY_ID" | decrypt | trim }}{{ else }}{{ env "AWS_ACCESS_KEY_ID" }}{{ end }}"
export AWS_SECRET_ACCESS_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "AWS_SECRET_ACCESS_KEY")) }}{{ includeTemplate "secrets/AWS_SECRET_ACCESS_KEY" | decrypt | trim }}{{ else }}{{ env "AWS_SECRET_ACCESS_KEY" }}{{ end }}"
export AWS_DEFAULT_REGION="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "AWS_DEFAULT_REGION")) }}{{ includeTemplate "secrets/AWS_DEFAULT_REGION" | decrypt | trim }}{{ else }}{{ env "AWS_DEFAULT_REGION" }}{{ end }}"
### Google Cloud SDK
export CLOUDSDK_CORE_PROJECT="{{ .user.gcloud.coreProject }}"
export GCE_SERVICE_ACCOUNT_EMAIL="{{ .user.gcloud.email }}"
export GCE_CREDENTIALS_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/gcloud/gcp.json"
### CloudFlare
# Source: https://github.com/cloudflare/cf-terraforming
export CLOUDFLARE_API_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_API_TOKEN")) }}{{ includeTemplate "secrets/CLOUDFLARE_API_TOKEN" | decrypt | trim }}{{ else }}{{ env "CLOUDFLARE_API_TOKEN" }}{{ end }}"
# If using API Key
# export CLOUDFLARE_EMAIL='user@example.com'
# export CLOUDFLARE_API_KEY='1150bed3f45247b99f7db9696fffa17cbx9'
# Specify zone ID
# export CLOUDFLARE_ZONE_ID='81b06ss3228f488fh84e5e993c2dc17'
export LEXICON_CLOUDFLARE_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_API_TOKEN")) }}{{ includeTemplate "secrets/CLOUDFLARE_API_TOKEN" | decrypt | trim }}{{ else }}{{ env "CLOUDFLARE_API_TOKEN" }}{{ end }}"
export LEXICON_CLOUDFLARE_ZONE="{{ .host.domain }}"
### DockerHub
export DOCKERHUB_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "DOCKERHUB_TOKEN")) }}{{ includeTemplate "secrets/DOCKERHUB_TOKEN" | decrypt | trim }}{{ else }}{{ env "DOCKERHUB_TOKEN" }}{{ end }}"
export DOCKERHUB_REGISTRY_PASSWORD="$DOCKERHUB_TOKEN"
### Elevenlabs
export ELEVENLABS_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "ELEVENLABS_API_KEY")) }}{{ includeTemplate "secrets/ELEVENLABS_API_KEY" | decrypt | trim }}{{ else }}{{ env "ELEVENLABS_API_KEY" }}{{ end }}"
### Fig
export FIG_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "FIG_TOKEN")) }}{{ includeTemplate "secrets/FIG_TOKEN" | decrypt | trim }}{{ else }}{{ env "FIG_TOKEN" }}{{ end }}"
### GitHub
export GH_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITHUB_TOKEN")) }}{{ includeTemplate "secrets/GITHUB_TOKEN" | decrypt | trim }}{{ else }}{{ env "GITHUB_TOKEN" }}{{ end }}"
export GITHUB_TOKEN="$GH_TOKEN"
### GitLab
export GL_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_TOKEN")) }}{{ includeTemplate "secrets/GITLAB_TOKEN" | decrypt | trim }}{{ else }}{{ env "GITLAB_TOKEN" }}{{ end }}"
export GITLAB_TOKEN="$GL_TOKEN"
export GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN" | decrypt }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN" }}{{ end }}"
### Heroku
export HEROKU_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HEROKU_API_KEY")) }}{{ includeTemplate "secrets/HEROKU_API_KEY" | decrypt | trim }}{{ else }}{{ env "HEROKU_API_KEY" }}{{ end }}"
### Hishtory
export HISHTORY_USER_SECRET="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "HISHTORY_USER_SECRET")) }}{{ includeTemplate "secrets/HISHTORY_USER_SECRET" | decrypt | trim }}{{ else }}{{ env "HISHTORY_USER_SECRET" }}{{ end }}"
### Install Doctor
# TODO: Replace HEADLESS_INSTALL with {{ .host.headless }} data source once headless install detection is implemented
# export HEADLESS_INSTALL={{ .host.headless }}
export FIREFOX_PUBLIC_PROFILE="{{ .firefoxPublicProfile }}"
export FULL_NAME="{{ .user.name }}"
export HEADLESS_INSTALL=true
export HOST="{{ .host.hostname }}"
export KEYID="{{ .user.gpg.id }}"
export PRIMARY_EMAIL="{{ .user.email }}"
export PUBLIC_SERVICES_DOMAIN="{{ .host.domain }}"
export RESTRICTED_ENVIRONMENT={{ .host.restricted }}
export SOFTWARE_GROUP="{{ .host.softwareGroup }}"
export USER_USERNAME="{{ .user.username }}"
export WORK_ENVIRONMENT={{ .host.work }}
# Set to work environment if Cisco applications are installed (modify this to your liking)
if [ -d /Applications/Cisco ]; then
export WORK_ENVIRONMENT=true
fi
### JuiceFS
export JFS_RSA_PASSPHRASE="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "JFS_RSA_PASSPHRASE")) }}{{ includeTemplate "secrets/JFS_RSA_PASSPHRASE" | decrypt | trim }}{{ else }}{{ env "JFS_RSA_PASSPHRASE" }}{{ end }}"
### Megabyte Labs
export FULLY_AUTOMATED_TASKS=true
### Minio
export MINIO_ROOT_USER="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "MINIO_ROOT_USER")) }}{{ includeTemplate "secrets/MINIO_ROOT_USER" | decrypt | trim }}{{ else }}{{ env "MINIO_ROOT_USER" }}{{ end }}"
export MINIO_ROOT_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "MINIO_ROOT_PASSWORD")) }}{{ includeTemplate "secrets/MINIO_ROOT_PASSWORD" | decrypt | trim }}{{ else }}{{ env "MINIO_ROOT_PASSWORD" }}{{ end }}"
### NPM
export NPM_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NPM_TOKEN")) }}{{ includeTemplate "secrets/NPM_TOKEN" | decrypt | trim }}{{ else }}{{ env "NPM_TOKEN" }}{{ end }}"
### OpenAI
export OPENAI_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "OPENAI_API_KEY")) }}{{ includeTemplate "secrets/OPENAI_API_KEY" | decrypt | trim }}{{ else }}{{ env "OPENAI_API_KEY" }}{{ end }}"
### OpenCommit
export OCO_OPENAI_API_KEY="$OPENAI_API_KEY"
### Pexels
export PEXELS_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "PEXELS_API_KEY")) }}{{ includeTemplate "secrets/PEXELS_API_KEY" | decrypt | trim }}{{ else }}{{ env "PEXELS_API_KEY" }}{{ end }}"
### PyPi
export PYPI_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "PYPI_TOKEN")) }}{{ includeTemplate "secrets/PYPI_TOKEN" | decrypt | trim }}{{ else }}{{ env "PYPI_TOKEN" }}{{ end }}"
### Replicate
export REPLICATE_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "REPLICATE_API_KEY")) }}{{ includeTemplate "secrets/REPLICATE_API_KEY" | decrypt | trim }}{{ else }}{{ env "REPLICATE_API_KEY" }}{{ end }}"
### Search GPT
# Also relies on `OPENAI_API_KEY`
export GOOGLE_SEARCH_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_API_KEY")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_API_KEY" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_API_KEY" }}{{ end }}"
export GOOGLE_SEARCH_ID="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GOOGLE_SEARCH_ID")) }}{{ includeTemplate "secrets/GOOGLE_SEARCH_ID" | decrypt | trim }}{{ else }}{{ env "GOOGLE_SEARCH_ID" }}{{ end }}"
### SendGrid API Key
export SENDGRID_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SENDGRID_API_KEY")) }}{{ includeTemplate "secrets/SENDGRID_API_KEY" | decrypt | trim }}{{ else }}{{ env "SENDGRID_API_KEY" }}{{ end }}"
### Serper.dev
export SERP_API_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SERP_API_KEY")) }}{{ includeTemplate "secrets/SERP_API_KEY" | decrypt | trim }}{{ else }}{{ env "SERP_API_KEY" }}{{ end }}"
### SFTPGo
export SFTPGO_DEFAULT_ADMIN_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SFTPGO_DEFAULT_ADMIN_PASSWORD")) }}{{ includeTemplate "secrets/SFTPGO_DEFAULT_ADMIN_PASSWORD" | decrypt | trim }}{{ else }}{{ env "SFTPGO_DEFAULT_ADMIN_PASSWORD" }}{{ end }}"
export SFTPGO_DEFAULT_ADMIN_USERNAME="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SFTPGO_DEFAULT_ADMIN_USERNAME")) }}{{ includeTemplate "secrets/SFTPGO_DEFAULT_ADMIN_USERNAME" | decrypt | trim }}{{ else }}{{ env "SFTPGO_DEFAULT_ADMIN_USERNAME" }}{{ end }}"
### Snapcraft
export SNAPCRAFT_EMAIL="{{ .user.snapcraft.username }}"
export SNAPCRAFT_MACAROON="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SNAPCRAFT_MACAROON")) }}{{ includeTemplate "secrets/SNAPCRAFT_MACAROON" | decrypt | trim }}{{ else }}{{ env "SNAPCRAFT_MACAROON" }}{{ end }}"
export SNAPCRAFT_UNBOUND_DISCHARGE="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SNAPCRAFT_UNBOUND_DISCHARGE")) }}{{ includeTemplate "secrets/SNAPCRAFT_UNBOUND_DISCHARGE" | decrypt | trim }}{{ else }}{{ env "SNAPCRAFT_UNBOUND_DISCHARGE" }}{{ end }}"
### Surge.sh
export SURGE_LOGIN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SURGE_LOGIN")) }}{{ includeTemplate "secrets/SURGE_LOGIN" | decrypt | trim }}{{ else }}{{ env "SURGE_LOGIN" }}{{ end }}"
export SURGE_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "SURGE_TOKEN")) }}{{ includeTemplate "secrets/SURGE_TOKEN" | decrypt | trim }}{{ else }}{{ env "SURGE_TOKEN" }}{{ end }}"
### Tailscale
export TAILSCALE_AUTH_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "TAILSCALE_AUTH_KEY")) }}{{ includeTemplate "secrets/TAILSCALE_AUTH_KEY" | decrypt | trim }}{{ else }}{{ env "TAILSCALE_AUTH_KEY" }}{{ end }}"
### Vagrant Cloud
export VAGRANT_CLOUD_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VAGRANT_CLOUD_TOKEN")) }}{{ includeTemplate "secrets/VAGRANT_CLOUD_TOKEN" | decrypt | trim }}{{ else }}{{ env "VAGRANT_CLOUD_TOKEN" }}{{ end }}"
### VMWare
export VMWARE_WORKSTATION_LICENSE_KEY="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "VMWARE_WORKSTATION_LICENSE_KEY")) }}{{ includeTemplate "secrets/VMWARE_WORKSTATION_LICENSE_KEY" | decrypt | trim }}{{ else }}{{ default "4C21U-2KK9Q-M8130-4V2QH-CF810" (env "VMWARE_WORKSTATION_LICENSE_KEY") }}{{ end }}"
### WebDAV
export WEBDAV_USER="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "WEBDAV_USER")) }}{{ includeTemplate "secrets/WEBDAV_USER" | decrypt | trim }}{{ else }}{{ env "WEBDAV_USER" }}{{ end }}"
export WEBDAV_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "WEBDAV_PASSWORD")) }}{{ includeTemplate "secrets/WEBDAV_PASSWORD" | decrypt | trim }}{{ else }}{{ env "WEBDAV_PASSWORD" }}{{ end }}"
### Xcodes
# Apple ID username and password
export XCODES_USERNAME="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "APPLE_USERNAME")) }}{{ includeTemplate "secrets/APPLE_USERNAME" | decrypt | trim }}{{ else }}{{ env "APPLE_USERNAME" }}{{ end }}"
export XCODES_PASSWORD="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "APPLE_PASSWORD")) }}{{ includeTemplate "secrets/APPLE_PASSWORD" | decrypt | trim }}{{ else }}{{ env "APPLE_PASSWORD" }}{{ end }}"
{{ end -}}