add apt package sources

home/.chezmoi.yaml.tmpl

@@ -1,16 +1,35 @@
 {{- $isGnome := lookPath "gnome-shell" | not | not -}}
 
 {{- $headless := true -}}
+{{- $ephemeral := not stdinIsATTY -}}
 
 {{- if $isGnome -}}
 {{-   $headless = false -}}
 {{- else if stdinIsATTY -}}
 {{-   $headless = promptBoolOnce . "headless" "headless" false -}}
+{{-   $ephemeral = promptBoolOnce . "ephemeral" "ephemeral" false -}}
 {{- end -}}
 
 {{- $email := default "michael@taron.dev" (env "GIT_AUTHOR_EMAIL") -}}
+
+{{/* workloads */}}
+{{- $kubernetesWorloadEnabled := lookPath "kubectl" | not | not }}
+{{- $kubernetesVersions := list "1.28" "1.29" "1.30" -}}
+{{- $kubernetesVersion := "1.28" -}}
+
+{{- $dockerWorloadEnabled := lookPath "docker" | not | not }}
+
 {{- if stdinIsATTY -}}
-{{    $email = promptStringOnce . "user.email" "email" $email }}
+{{-   $email = promptStringOnce . "user.email" "email" $email -}}
+{{-   if not $kubernetesWorloadEnabled -}}
+{{-     $kubernetesWorloadEnabled = promptBool . "workload.kubernetes.enabled" "☸ kubernetes" $kubernetesWorloadEnabled -}}
+{{-     if $kubernetesWorloadEnabled -}}
+{{-       $kubernetesVersion = promptChoiceOnce . "workload.kubernetes.version" "kubernetes version" $kubernetesVersions $kubernetesVersion -}}
+{{-     end -}}
+{{-   end -}}
+{{-   if not $dockerWorloadEnabled -}}
+{{-     $dockerWorloadEnabled = promptBool . "workload.docker.enabled" "🐳 docker" $dockerWorloadEnabled -}}
+{{-   end -}}
 {{- end -}}
 
 gitHub:
@@ -19,9 +38,16 @@ gitHub:
 data:
   headless: {{ $headless }}
   isGnome: {{ $isGnome }}
+  ephemeral: {{ $ephemeral }}
 
   user:
     name: "Michael Taron"
-    email: {{ $email | quote }}
+    email: {{ quote $email }}
     github: "mtaron"
 
+  workload:
+    docker:
+      enabled: {{ $dockerWorloadEnabled }}
+    kubernetes:
+      enabled: {{ $kubernetesWorloadEnabled }}
+      version: {{ quote $kubernetesVersion }}

home/.chezmoiexternal.yaml.tmpl

@@ -37,11 +37,13 @@
   url: https://github.com/pulumi/pulumi/releases/download/{{ $pulumi_version }}/pulumi-{{ $pulumi_version }}-linux-x64.tar.gz
   stripComponents: 1
 
+{{ if .workload.kubernetes.enabled -}}
 {{ $kubelogin_version := (gitHubLatestRelease "Azure/kubelogin").TagName -}}
 .local/bin/kubelogin:
   type: archive-file
   url: https://github.com/Azure/kubelogin/releases/download/{{ $kubelogin_version }}/kubelogin-linux-amd64.zip
   path: bin/linux_amd64/kubelogin
+{{- end }}
 
 {{ if not .headless -}}
 {{ $nerd_fonts_version := (gitHubLatestRelease "ryanoasis/nerd-fonts").TagName -}}

home/.chezmoiscripts/linux/run_once_before_chsh.sh → home/.chezmoiscripts/linux/run_once_after_chsh.sh.tmpl

@@ -1,3 +1,4 @@
+{{- if not .ephemeral -}}
 #!/usr/bin/env sh
 
 set -e
@@ -7,3 +8,4 @@ if [ "$SHELL" != "$zsh_path" ]; then
     echo "▶️ changing default shell to zsh"
     sudo chsh --shell "$zsh_path"
 fi
+{{- end -}}

home/.chezmoiscripts/linux/run_onchange_before_apt.sh.tmpl

@@ -0,0 +1,108 @@
+{{- if not .ephemeral -}}
+#!/usr/bin/env sh
+
+set -eu pipefail
+
+APT_KEYRING=/etc/apt/keyrings
+
+add_apt_key()
+{
+  sudo gpg --yes --dearmor --output "$1"
+}
+
+add_apt_source()
+{
+  sudo tee "/etc/apt/sources.list.d/$1" > /dev/null
+}
+
+echo "▶️ adding apt repositories"
+
+echo "▶️▶️ GitHub"
+curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+  | add_apt_key $APT_KEYRING/githubcli.gpg
+echo "deb [arch=amd64 signed-by=$APT_KEYRING/githubcli.gpg] https://cli.github.com/packages stable main" \
+  | add_apt_source github-cli.list
+
+{{ if .workload.kubernetes.enabled -}}
+  echo "▶️▶️ Kubernetes {{ .workload.kubernetes.version }}"
+  curl -fsSL https://pkgs.k8s.io/core:/stable:/v{{ .workload.kubernetes.version }}/deb/Release.key \
+    | add_apt_key $APT_KEYRING/kubernetes.gpg
+  echo "deb [signed-by=$APT_KEYRING/kubernetes.gpg] https://pkgs.k8s.io/core:/stable:/v{{ .workload.kubernetes.version }}/deb/ /" \
+    | add_apt_source kubernetes.list
+{{- end }}
+
+echo "▶️▶️ 1Password"
+# https://support.1password.com/install-linux/#debian-or-ubuntu
+curl -fsSL https://downloads.1password.com/linux/keys/1password.asc \
+  | add_apt_key $APT_KEYRING/1password.gpg
+echo "deb [arch=amd64 signed-by=$APT_KEYRING/1password.gpg] https://downloads.1password.com/linux/debian/amd64 stable main" \
+  | add_apt_source 1password.list
+
+sudo mkdir -p /etc/debsig/policies/AC2D62742012EA22/
+curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol \
+  | sudo tee /etc/debsig/policies/AC2D62742012EA22/1password.pol > /dev/null
+
+sudo mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
+curl -sS https://downloads.1password.com/linux/keys/1password.asc \
+  | add_apt_key /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
+
+{{ if .workload.docker.enabled -}}
+  echo "▶️▶️ Docker"
+  # https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
+  curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+    | add_apt_key $APT_KEYRING/docker.gpg
+
+  echo "deb [arch=amd64 signed-by=$APT_KEYRING/docker.gpg] https://download.docker.com/linux/ubuntu {{ .chezmoi.osRelease.versionCodename }} stable" \
+    | add_apt_source docker.list
+{{- end }}
+
+{{ if not .headless -}}
+  echo "▶️▶️ Brave"
+  # https://brave.com/linux/#debian-ubuntu-mint
+  curl -fsSL https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg \
+    | add_apt_key $APT_KEYRING/brave-browser.gpg
+
+  echo "deb [signed-by=$APT_KEYRING/brave-browser.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" \
+    | add_apt_source brave-browser-release.list
+{{- end }}
+
+sudo apt-get update --yes
+
+{{ $packages := list
+     "1password-cli"
+     "bat"
+     "curl"
+     "fd-find"
+     "fzf"
+     "gh"
+     "git-lfs"
+     "git"
+     "jq"
+     "ripgrep"
+     "shellcheck"
+     "units"
+     "unzip"
+     "xclip"
+     "zsh" -}}
+
+{{ if .workload.docker.enabled -}}
+{{ $dockerPackages := list
+     "docker-ce"
+     "docker-ce-cli"
+     "containerd.io"
+     "docker-buildx-plugin"
+     "docker-compose-plugin" -}}
+{{   $packages = concat $packages $dockerPackages -}}
+{{ end -}}
+
+{{ if .workload.kubernetes.enabled -}}
+{{   $packages = mustAppend $packages "kubectl" -}}
+{{ end -}}
+
+{{ if not .headless -}}
+{{   $packages = concat $packages (list "brave-browser" "1password") -}}
+{{ end -}}
+
+sudo apt-get install --yes {{ $packages | join " " }}
+
+{{- end -}}

home/private_dot_profile.tmpl

@@ -17,6 +17,7 @@ export VISUAL=code
 # Color man pages with bat
 # https://github.com/sharkdp/bat#man
 export MANPAGER="sh -c 'col -bx | bat -l man -p'"
+export MANROFFOPT="-c"
 export PAGER='less --quit-if-one-screen --mouse'
 
 {{ if and (eq .chezmoi.os "linux") (not .headless) -}}

scratch/scratch.md

@@ -38,93 +38,3 @@ https://www.ibm.com/docs/en/hpvs/1.2.x?topic=reference-openssl-configuration-exa
 https://betterprogramming.pub/how-to-create-trusted-ssl-certificates-for-your-local-development-13fd5aad29c6
 https://www.richud.com/wiki/Ubuntu_chrome_browser_import_self_signed_certificat
 https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html <- name constraints
-
-
-## Todo
-
-```
-curl -fsSL <key url> \
-| sudo gpg --dearmor --output /etc/apt/keyrings/<name>.gpg
-```
-
-Brave:
-```
-curl -fsSL https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg \
-| sudo gpg --dearmor --output /etc/apt/keyrings/brave-browser.gpg
-```
-
-GitHub:
-```
-curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
-| sudo gpg --dearmor --output /etc/apt/keyrings/githubcli.gpg
-```
-
-Kubectl:
-```
-curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key \
-| sudo gpg --dearmor --output /etc/apt/keyrings/kubernetes.gpg
-```
-
-1Password:
-https://support.1password.com/install-linux/#debian-or-ubuntu
-```
-curl -fsSL https://downloads.1password.com/linux/keys/1password.asc \
-| sudo gpg --dearmor --output /etc/apt/keyrings/1password.gpg
-```
-
-Add sources:
-
-Brave:
-https://brave.com/linux/#debian-ubuntu-mint
-```
-echo 'deb [signed-by=/etc/apt/keyrings/brave-browser.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main' \
-| sudo tee /etc/apt/sources.list.d/brave-browser-release.list > /dev/null
-```
-
-GitHub:
-https://github.com/cli/cli/blob/trunk/docs/install_linux.md
-```
-echo 'deb [arch=amd64 signed-by=/etc/apt/keyrings/githubcli.gpg] https://cli.github.com/packages stable main' \
-| sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
-```
-
-Kubectl:
-https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management
-```
-echo 'deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' \
-| sudo tee /etc/apt/sources.list.d/kubernetes.list  > /dev/null
-```
-
-1Password:
-https://support.1password.com/install-linux/#debian-or-ubuntu
-```
-echo 'deb [arch=amd64 signed-by=/etc/apt/keyrings/1password.gpg] https://downloads.1password.com/linux/debian/amd64 stable main' \
-| sudo tee /etc/apt/sources.list.d/1password.list > /dev/null
-```
-
-```
-sudo mkdir -p /etc/debsig/policies/AC2D62742012EA22/
-curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | sudo tee /etc/debsig/policies/AC2D62742012EA22/1password.pol
-sudo mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
-curl -sS https://downloads.1password.com/linux/keys/1password.asc | sudo gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
-```
-
-Docker
-https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
-```
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
-| sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-```
-
-```
-echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
-  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-```
-sudo apt install git git-lfs jq kubectl ripgrep shellcheck gh brave-browser 1password  1password-cli
-
-sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-
-sudo apt install bat direnv fzf unzip xclip
-