diff --git a/bin/dotfiles b/bin/dotfiles index f2a134bb..8622b510 100755 --- a/bin/dotfiles +++ b/bin/dotfiles @@ -40,6 +40,7 @@ set -e # Paths VAULT_SECRET_FILE="$HOME/.ansible-vault/vault.secret" OP_INSTALLED=false +OP_AUTHENTICATED=false OP_VAULT_SECRET="" ID="" DOTFILES_LOG="$HOME/.dotfiles.log" @@ -184,10 +185,12 @@ update_ansible_galaxy() { _cmd "ansible-galaxy install -r $DOTFILES_DIR/requirements/common.yml $os_requirements" } -function use_op_vault_if_possible() { +function confirmVaultAccess() { __task "Checking for 1Password CLI" if op --version >/dev/null 2>&1; then OP_INSTALLED=true + _cmd "op vault list" + OP_AUTHENTICATED=true fi } 
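Review bot: In `confirmVaultAccess`, `OP_AUTHENTICATED=true` is assigned on the line after `_cmd "op vault list"` without checking that command's result. `_cmd` is defined outside this hunk; unless it aborts the script on a non-zero exit, a locked or signed-out 1Password session is still recorded as authenticated. Gate the assignment on the exit status, e.g. `if _cmd "op vault list"; then OP_AUTHENTICATED=true; fi`, or add a comment at the call stating that `_cmd` exits on failure.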
@@ -236,29 +239,15 @@ fi pushd "$DOTFILES_DIR" 2>&1 > /dev/null update_ansible_galaxy $ID -use_op_vault_if_possible +confirmVaultAccess -__task "Running playbook ☕"; _task_done if [[ -n $OP_INSTALLED ]]; then - OP_VAULT_SECRET="$(op read 'op://Personal/Ansible Vault/password')" - if [[ -n $OP_VAULT_SECRET ]]; then - printf "${OVERWRITE}${LGREEN} [✓] ${LGREEN}Using vault secret from 1Password${NC}\n" - rm -f $VAULT_SECRET_FILE - else - printf "${OVERWRITE}${LRED} [X] ${LRED}No vault secret found in 1Password${NC}\n" -fi -fi -if [[ -f $VAULT_SECRET_FILE ]]; then - printf "${OVERWRITE}${LGREEN} [✓] ${LGREEN}Running playbook with vault secret ☕${NC}\n" - ansible-playbook --vault-password-file $VAULT_SECRET_FILE "$DOTFILES_DIR/main.yml" "$@" -else - # if we have OP_VAULT_SECRET, we can use it as the vault password - if [[ -n $OP_VAULT_SECRET ]]; then - printf "${OVERWRITE}${LGREEN} [✓] ${LGREEN}Running playbook with vault secret from 1Password ☕${NC}\n" - ansible-playbook --vault-password-file <(echo $OP_VAULT_SECRET) "$DOTFILES_DIR/main.yml" "$@" - unset OP_VAULT_SECRET - else + if [[ -n $OP_AUTHENTICATED ]]; then + printf "${OVERWRITE}${LGREEN} [✓] ${LGREEN}Checking for 1Password CLI: 1Password Authentication successful! ☕${NC}\n" + rm -f $VAULT_SECRET_FILE ansible-playbook "$DOTFILES_DIR/main.yml" "$@" + else + printf "${OVERWRITE}${LRED} [X] ${LRED}Checking for 1Password CLI: Unable to Authenticate with 1Password.${NC}\n" fi fi diff --git a/group_vars/all.yml b/group_vars/all.yml index 2c432b51..a73fc712 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -10,6 +10,7 @@ default_roles: - flatpak - fonts - fzf + - gh - git - go - hammerspoon @@ -21,6 +22,7 @@ default_roles: - lsd - lua - nala + - ncdu - neofetch - neovim - nerdfetch @@ -31,8 +33,9 @@ default_roles: - pwsh - python - raycast - - ruby - - rust + # - ruby + # - rust + - spotify - ssh - sshfs - starship 
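Review bot: `[[ -n $OP_AUTHENTICATED ]]` is always true, because the variable is initialised to the non-empty string `false` in the first hunk; the same holds for the existing `[[ -n $OP_INSTALLED ]]` test around it. As written, `rm -f $VAULT_SECRET_FILE` and the playbook run on every invocation, including when 1Password is missing or locked, so the local vault secret file is deleted even when nothing replaces it and the "Unable to Authenticate" branch is never reached. Compare against the value instead, `if [[ $OP_AUTHENTICATED == true ]]; then`, and quote the path: `rm -f "$VAULT_SECRET_FILE"`. Once the tests are corrected, a host without `op` has no branch left that runs `ansible-playbook`, since the `--vault-password-file` fallback was removed; confirm that is intended.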
@@ -41,9 +44,9 @@ default_roles: - tldr - tmate - tmux - - tshark - - zellij - - spotify + # - tshark + - warp + # - zellij - zoxide - zsh @@ -57,10 +60,11 @@ op: ssh: github: techdufus: - private_key: "op://Personal/TechDufus SSH/private key?ssh-format=openssh" - public_key: "op://Personal/TechDufus SSH/public key" - openai: - key: "op://Personal/Openai/OPENAI_KEY - Project" + - name: id_ed25519 + vault_path: "op://Personal/TechDufus SSH" + shell: + - name: OPENAI_API_KEY + vault_path: "op://Personal/Openai/OPENAI_KEY - Project" flatpak_packages: - md.obsidian.Obsidian diff --git a/roles/bash/tasks/main.yml b/roles/bash/tasks/main.yml index 2a589961..a976ef69 100644 --- a/roles/bash/tasks/main.yml +++ b/roles/bash/tasks/main.yml @@ -56,9 +56,17 @@ mode: "0644" force: true +- name: "Bash | Set bash_private init" + ansible.builtin.set_fact: + bash_private: {} + no_log: true + - name: "Bash | Get private variables from Vault" when: op_installed - ansible.builtin.import_tasks: vault.yml + ansible.builtin.include_tasks: vault.yml + with_items: "{{ op.shell }}" + loop_control: + loop_var: secret - name: "Bash | Set private variables" ansible.builtin.template: diff --git a/roles/bash/tasks/vault.yml b/roles/bash/tasks/vault.yml index 3c13c01d..47dd5fe4 100644 --- a/roles/bash/tasks/vault.yml +++ b/roles/bash/tasks/vault.yml 
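Review bot: `vault_path` means two different things in the new `op:` block of group_vars/all.yml, and nothing in the file says so. Under `ssh.github.techdufus` it is an item path to which roles/ssh/tasks/ssh_keys.yml appends `/private_key?ssh-format=openssh` and `/public_key`, while under `shell` it is a complete field reference passed to `op read` unchanged by the bash and zsh `vault.yml` files. A short comment above each list would stop a full field reference being pasted under `ssh`, for example `# vault_path: 1Password item; the ssh role appends the key field` and `# vault_path: full op:// reference to one field; name is the key stored in bash_private/zsh_private`.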
@@ -1,19 +1,14 @@ --- - name: "Bash | Get private variables from Vault" - ansible.builtin.command: "op read 'op://Personal/Openai/OPENAI_KEY - Project'" - register: op_openai_key + ansible.builtin.command: "op read '{{ secret.vault_path }}'" + register: op_secret changed_when: false no_log: true -- name: "Bash | Set bash_private init" - ansible.builtin.set_fact: - bash_private: {} - no_log: true - - name: "Bash | Set bash_private" ansible.builtin.set_fact: bash_private: "{{ bash_private | combine({ item.key: item.value }) }}" no_log: true with_items: - - key: OPENAI_API_KEY - value: "{{ op_openai_key.stdout }}" + - key: "{{ secret.name }}" + value: "{{ op_secret.stdout }}" diff --git a/roles/orbstack/tasks/MacOSX.yml b/roles/orbstack/tasks/MacOSX.yml index 40f5d63a..aae8d6d8 100644 --- a/roles/orbstack/tasks/MacOSX.yml +++ b/roles/orbstack/tasks/MacOSX.yml @@ -18,6 +18,6 @@ # state: present - name: "OrbStack | MacOSX | Install OrbStack" - ansible.builtin.homebrew_cask: + community.general.homebrew_cask: name: orbstack state: present diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index 52d934d0..3da7d4ad 100644 --- a/roles/ssh/tasks/main.yml +++ b/roles/ssh/tasks/main.yml 
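Review bot: `op read '{{ secret.vault_path }}'` in roles/bash/tasks/vault.yml pastes the templated value between single quotes, so a path containing a quote changes how `ansible.builtin.command` splits the arguments. The value comes from group_vars today, but the argv form removes the quoting question entirely: `argv: ["op", "read", "{{ secret.vault_path }}"]` under `ansible.builtin.command:`. The same pattern appears in roles/zsh/tasks/vault.yml and in both `op read` tasks of roles/ssh/tasks/ssh_keys.yml. Separately, the one-element `with_items` in "Bash | Set bash_private" could be replaced by `combine({ secret.name: op_secret.stdout })`, which avoids a nested `item` loop inside the include loop.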
@@ -1,44 +1,8 @@ --- - name: "SSH | Deploy SSH keys from Vault" when: op_installed - block: - - name: "SSH | Get [TechDufus SSH] key from Vault" - ansible.builtin.command: "op read '{{ op.ssh.github.techdufus.private_key }}'" - register: op_techdufus_ssh_priv_key - changed_when: false - no_log: true - - - name: "SSH | Get [TechDufus SSH] public key from Vault" - ansible.builtin.command: "op read '{{ op.ssh.github.techdufus.public_key }}'" - register: op_techdufus_ssh_pub_key - changed_when: false - no_log: true - - - name: "SSH | ssh_key_item init" - ansible.builtin.set_fact: - ssh_key: {} - no_log: true - - # NOTE: adding \n to end of priv keys is required when pulling from 1password. - - name: "SSH | Set ssh_key" - ansible.builtin.set_fact: - ssh_key: "{{ ssh_key | combine({item.key: item.value}) }}" - no_log: true - with_items: - - key: id_ed25519 - value: "{{ op_techdufus_ssh_priv_key.stdout }}\n" - - key: id_ed25519.pub - value: "{{ op_techdufus_ssh_pub_key.stdout }}" - -- name: "SSH | Copy SSH keys" - ansible.builtin.copy: - dest: "{{ ansible_user_dir }}/.ssh/{{ ssh_key_item.key }}" - content: "{{ ssh_key_item.value }}" - mode: "0600" - no_log: true - loop_control: - loop_var: ssh_key_item - with_items: "{{ ssh_key | default({}) | dict2items }}" + ansible.builtin.include_tasks: ssh_keys.yml + with_items: "{{ op.ssh.github.techdufus }}" # - name: Copy config # ansible.builtin.template: diff --git a/roles/ssh/tasks/ssh_keys.yml b/roles/ssh/tasks/ssh_keys.yml new file mode 100644 index 00000000..18a9a217 --- /dev/null +++ b/roles/ssh/tasks/ssh_keys.yml 
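Review bot: The new `include_tasks: ssh_keys.yml` loop in roles/ssh/tasks/main.yml relies on the default `item` loop variable, whereas the bash and zsh roles in this commit name theirs with `loop_control:` / `loop_var: secret`. Adding `loop_control:` with `loop_var: ssh_key` here, and using `ssh_key.name` and `ssh_key.vault_path` in ssh_keys.yml, keeps the three roles consistent. It also prevents a later inner loop in the included file from shadowing `item`.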
@@ -0,0 +1,27 @@ +- name: "SSH | Get [{{ item.name }}] key from Vault" + ansible.builtin.command: "op read '{{ item.vault_path }}/private_key?ssh-format=openssh'" + register: op_private_key + changed_when: false + no_log: true + +- name: "SSH | Get [{{ item.name }}] public key from Vault" + ansible.builtin.command: "op read '{{ item.vault_path }}/public_key'" + register: op_public_key + changed_when: false + no_log: true + +- name: "SSH | Copy SSH keys" + block: + - name: "SSH | Deploy [{{ item.name }}] private key" + ansible.builtin.copy: + dest: "{{ ansible_user_dir }}/.ssh/{{ item.name }}" + content: "{{ op_private_key.stdout }}\n" + mode: "0600" + no_log: true + + - name: "SSH | Deploy [{{ item.name }}] public key" + ansible.builtin.copy: + dest: "{{ ansible_user_dir }}/.ssh/{{ item.name }}.pub" + content: "{{ op_public_key.stdout }}" + mode: "0644" + no_log: true diff --git a/roles/sshfs/tasks/MacOSX.yml b/roles/sshfs/tasks/MacOSX.yml deleted file mode 100644 index e8fb0d1f..00000000 --- a/roles/sshfs/tasks/MacOSX.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "SSHFS | MacOSX | Install sshfs" - community.general.homebrew: - name: sshfs - state: present - when: ansible_distribution_major_version | int >= 13 diff --git a/roles/starship/files/starship.toml b/roles/starship/files/starship.toml index 331e3381..ea26bb86 100644 --- a/roles/starship/files/starship.toml +++ b/roles/starship/files/starship.toml @@ -99,8 +99,9 @@ $directory\ $character""" -# format = """$os$directory$character""" -# right_format = """$all""" +# format = """$all$os$shell$directory$character""" +# right_format = '${custom.giturl}${custom.docker}' +# continuation_prompt = '▶▶ ' # Sets user-defined palette # Palettes must be defined _after_ this line @@ -439,6 +440,9 @@ zsh_indicator = " " [swift] symbol = " " +[time] +disabled = true + [username] disabled = false format = '[$user]($style) ' diff --git a/roles/zsh/files/.zshrc b/roles/zsh/files/.zshrc index 171ac572..01fe8263 100644 
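Review bot: The field names in the two `op read` references in roles/ssh/tasks/ssh_keys.yml changed with the refactor: the removed group_vars entries read `.../private key?ssh-format=openssh` and `.../public key`, while this file appends `/private_key?ssh-format=openssh` and `/public_key`. If the 1Password item does not resolve the underscore form, the play fails at the first read before any key is written, so confirm this against the item and record the expected field names in a comment. The removed `# NOTE: adding \n to end of priv keys is required when pulling from 1password.` explained the `\n` that is still appended to `op_private_key.stdout`; carry that comment over to the private-key copy task. The new file also lacks the leading `---` that the other task files in this commit have.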
--- a/roles/zsh/files/.zshrc +++ b/roles/zsh/files/.zshrc @@ -80,7 +80,6 @@ plugins=( command-not-found docker fzf - git gh golang helm @@ -93,8 +92,8 @@ plugins=( starship terraform themes - timer zoxide + zsh-autosuggestions ) source $ZSH/oh-my-zsh.sh diff --git a/roles/zsh/files/zsh/git_aliases.zsh b/roles/zsh/files/zsh/git_aliases.zsh index ce353c87..666ddd44 100644 --- a/roles/zsh/files/zsh/git_aliases.zsh +++ b/roles/zsh/files/zsh/git_aliases.zsh @@ -1,10 +1,9 @@ #!/usr/bin/env zsh -alias yolo="git push origin master --force --no-verify" -alias g='git' alias gs='git status' alias gcane='git commit --amend --no-edit' alias gc="git checkout" +alias gd="git diff" alias ggl="git log --graph --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%an%C(reset)%C(bold yellow)%d%C(reset) %C(dim white)- %s%C(reset)' --all" diff --git a/roles/zsh/files/zsh/misc_aliases.zsh b/roles/zsh/files/zsh/misc_aliases.zsh index 0ac80908..6297de66 100644 --- a/roles/zsh/files/zsh/misc_aliases.zsh +++ b/roles/zsh/files/zsh/misc_aliases.zsh @@ -4,3 +4,4 @@ alias bt='btop' alias comment-header='toilet -f pagga -S' alias i='explorer.exe' alias ncdu='ncdu --color dark -e -q --exclude-caches --exclude-kernfs -L' +alias c='clear' diff --git a/roles/zsh/tasks/main.yml b/roles/zsh/tasks/main.yml index f133b33f..6b6b5e9f 100644 --- a/roles/zsh/tasks/main.yml +++ b/roles/zsh/tasks/main.yml 
@@ -36,14 +36,21 @@ - name: "ZSH | Run the install script" ansible.builtin.script: cmd: /{{ ansible_user_dir }}/oh-my-zsh.install.sh --unattended -# + +- name: "ZSH | Install zsh-autosuggestions" + ansible.builtin.git: + repo: https://github.com/zsh-users/zsh-autosuggestions + dest: ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions + update: true + depth: 1 + - name: "ZSH | Copy .zshrc" ansible.builtin.copy: src: ".zshrc" dest: "{{ ansible_user_dir }}/.zshrc" mode: "0644" # -# - name: "Bash | Copy .profile" +# - name: "ZSH | Copy .profile" # ansible.builtin.copy: # src: ".profile" # dest: "{{ ansible_user_dir }}/.profile" @@ -57,9 +64,17 @@ directory_mode: "0755" force: true +- name: "ZSH | Set zsh_private init" + ansible.builtin.set_fact: + zsh_private: {} + no_log: true + - name: "ZSH | Get private variables from Vault" when: op_installed - ansible.builtin.import_tasks: vault.yml + ansible.builtin.include_tasks: vault.yml + with_items: "{{ op.shell }}" + loop_control: + loop_var: secret - name: "ZSH | Set private variables" ansible.builtin.template: diff --git a/roles/zsh/tasks/vault.yml b/roles/zsh/tasks/vault.yml index 535edbbf..e7673010 100644 --- a/roles/zsh/tasks/vault.yml +++ b/roles/zsh/tasks/vault.yml @@ -1,19 +1,14 @@ --- - name: "ZSH | Get private variables from Vault" - ansible.builtin.command: "op read '{{ op.openai.key }}'" - register: op_openai_key + ansible.builtin.command: "op read '{{ secret.vault_path }}'" + register: op_secret changed_when: false no_log: true -- name: "ZSH | Set zsh_private init" - ansible.builtin.set_fact: - zsh_private: {} - no_log: true - - name: "ZSH | Set zsh_private" ansible.builtin.set_fact: zsh_private: "{{ zsh_private | combine({ item.key: item.value }) }}" no_log: true with_items: - - key: OPENAI_API_KEY - value: "{{ op_openai_key.stdout }}" + - key: "{{ secret.name }}" + value: "{{ op_secret.stdout }}"
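Review bot: The "ZSH | Install zsh-autosuggestions" task clones the repository's default branch and, with `update: true`, moves to whatever is newest on every run; the plugin is then loaded into each interactive shell through the `plugins=(...)` entry added to `.zshrc`. Pinning the checkout with `version: "<tag-or-commit-you-have-reviewed>"` makes upgrades a deliberate change. `dest: ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions` also depends on `~` expansion, while the neighbouring tasks use `{{ ansible_user_dir }}`; `dest: "{{ ansible_user_dir }}/.oh-my-zsh/custom/plugins/zsh-autosuggestions"` would match them.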