Personal dotfiles for Linux, mostly for Nixpkgs/NixOS-based and Termux setups. Mirrored using GitLab's push mirroring feature. gitlab.com/andreijiroh-dev/dotfiles

feat(backup-pgp-keys): improve script and bump asdf-managed tool versions

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.xyz>

+31 -21
+2 -2
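--- a/.tool-versions
+++ b/.tool-versions
@@ -1,6 +1,6 @@
 nodejs 20.12.2
-deno 1.44.1
+deno 1.45.5
 direnv 2.34.0
 python 3.12.3
-glab 1.43.0
+glab 1.45.0
 golang 1.22.6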
+29 -19
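--- a/bin/backup-pgp-keys
+++ b/bin/backup-pgp-keys
@@ -2,9 +2,9 @@
 
 # a script to generate backups for my GPG keys
 
-# literally all of active keys I use for different purposes, including some
-# I maintain (such as Recap Time Squad's keys for support and security issues
-DEFAULT_PRIVATE_KEYS="0527234A430387EA5695D824A30EBE40AD856D88 4D5E631758CB9CC45941B1CE67BFC91B3DA12BE8 EA957E7086E934F8DB9CAD21940047813E9D641C 5D69E717C5BC95731C2AD8BD120C218ED2291996 2CFF8721393487AEEF2C38987067DB4C7768552F 18C97CF46F06176E7EC43BDC7E4E0EF8B968A952 51D2F9710A20AAE56DC9A9AB77D63E4A0C267204 11F7802B423286A5FCF40AF48AEB225605921F92"
+# Literally all of active keys I use for different purposes. For things like shared keys,
+# I override them via PUBLIC_KEYS AND PRIVATE_KEYS variables at runtime.
+DEFAULT_PRIVATE_KEYS="0527234A430387EA5695D824A30EBE40AD856D88 4D5E631758CB9CC45941B1CE67BFC91B3DA12BE8 EA957E7086E934F8DB9CAD21940047813E9D641C 5D69E717C5BC95731C2AD8BD120C218ED2291996 2CFF8721393487AEEF2C38987067DB4C7768552F 18C97CF46F06176E7EC43BDC7E4E0EF8B968A952 51D2F9710A20AAE56DC9A9AB77D63E4A0C267204"
 DEFAULT_PUBLIC_KEYS="0527234A430387EA5695D824A30EBE40AD856D88 4D5E631758CB9CC45941B1CE67BFC91B3DA12BE8 EA957E7086E934F8DB9CAD21940047813E9D641C 5D69E717C5BC95731C2AD8BD120C218ED2291996"
 
 # allow anybody to automate this via envvars
@@ -17,7 +17,7 @@
 TIMESTAMP=$(date +%s)
 
 generate_pubkey_bak() {
-echo "[Stage 1]: Export all public keys per PUBLIC_KEYS to '$EXPORT_DIR/personal-$TIMESTAMP.asc'"
+echo "[Stage 1]: Export all public keys per PUBLIC_KEYS to '$EXPORT_DIR/pubkeys-$TIMESTAMP.asc'"
 echo
 sleep 3
 
@@ -29,16 +29,17 @@
 for key in $PUBLIC_KEYS; do
 echo "Exporting keyid $key's public key"
 if [[ $_arg_dryrun == "true" ]]; then
-echo "+ gpg --armor --export \"$key\" >> \"$EXPORT_DIR/personal-$TIMESTAMP.asc\""
+echo "+ gpg --armor --export \"$key\" >> \"$EXPORT_DIR/pubkeys-$TIMESTAMP.asc\""
 else
-gpg --armor --export "$key" >> "$EXPORT_DIR/personal-$TIMESTAMP.asc"
+gpg --armor --export "$key" >> "$EXPORT_DIR/pubkeys-$TIMESTAMP.asc"
 fi
 sleep 3
 done
+echo
 }
 
 generate_privkey_bak() {
-echo "[Stage 2]: Export all private keys per PRIVATE_KEYS to '$EXPORT_DIR/backup-personal-$TIMESTAMP.asc'"
+echo "[Stage 2]: Export all private keys per PRIVATE_KEYS to '$EXPORT_DIR/gpg-keys-backup-$TIMESTAMP.asc'"
 echo
 sleep 3
 
@@ -50,25 +51,22 @@
 if [[ $_arg_dryrun == "true" ]]; then
 for key in $PRIVATE_KEYS; do
 echo "Exporting keyid $key with private key"
-echo "+ gpg --armor --export-secret-keys $key >> $EXPORT_DIR/backup-personal-$TIMESTAMP.asc"
+echo "+ gpg --armor --export-secret-keys $key >> $EXPORT_DIR/gpg-keys-backup-$TIMESTAMP.asc"
 sleep 5
 done
-echo "+ gpg --batch --asymmetric --passphrase \"$BACKUP_FILE_PASSWORD\" --output \"$EXPORT_DIR/private-keys-backup-$TIMESTAMP.sec.asc\""
+echo "+ gpg --armor --batch --passphrase ${BACKUP_FILE_PASSWORD} --symmetric --output ${EXPORT_DIR}/gpg-keys-encrypted-backup-${TIMESTAMP} < ${EXPORT_DIR}/gpg-keys-backup-${TIMESTAMP}.asc"
 return
 fi
 
 for key in $PRIVATE_KEYS; do
 echo "Exporting keyid $key with private key"
-gpg --armor --export-secret-keys "$key" >> "$EXPORT_DIR/backup-personal-$TIMESTAMP.asc"
+gpg --armor --export-secret-keys "$key" >> "${EXPORT_DIR}/gpg-keys-backup-${TIMESTAMP}.asc"
 sleep 5
 done
-echo "warning: Use the following passphrase for encrypting the private key backup in case"
-echo "warning: both --batch and --passphrase flags didn't work in 10 seconds below."
-echo "warning:"
-echo "warning: $BACKUP_FILE_PASSWORD"
-echo "warning:"
+echo "[private-keys-backup] Here's the encrypted passphrase for ${BACKUP_FILE_PASSWORD}"
 sleep 10
-gpg --batch --asymmetric --passphrase "$BACKUP_FILE_PASSWORD" --output "$EXPORT_DIR/private-keys-backup-$TIMESTAMP.sec.asc"
+gpg --armor --batch --passphrase "${BACKUP_FILE_PASSWORD}" --symmetric --output "${EXPORT_DIR}/gpg-keys-encrypted-backup-${TIMESTAMP}" < "${EXPORT_DIR}/gpg-keys-backup-${TIMESTAMP}.asc"
+echo
 }
 
 check_export_dir() {
@@ -97,7 +95,19 @@
 }
 
 usage() {
-echo "USAGE: [EXPORT_DIR=\$(pwd)] $0 [--only-public | --only-secret | --dry-run]"
+echo "Usage: $0 [--only-public | --only-secret | --dry-run]"
+echo
+echo "Available params:"
+echo " --dry-run, -d Run a simultation of commands"
+echo " --help Show this help page"
+echo " --only-secret, -s Only export secret keys"
+echo " --only-public, -p Only export public keys"
+echo
+echo "Supported variables to override defaults:"
+echo " DEBUG Set to any value to enable debug logging (via 'set -x')"
+echo " EXPORT_DIR Directory for storing exports"
+echo " PUBLIC_KEYS List of GPG keys for exporting public keys, seperated by spaces"
+echo " PRIVATE_KEYS List of GPG keys for exporting private keys, seperated by spaces"
 }
 
 main() {
@@ -117,10 +127,10 @@
 --help | -h)
 usage; exit 0
 ;;
---public-keys-only | --pubkeys | --only-public | -p)
+--pubkeys | --only-public | -p)
 _arg_pubkeys_only=true
 ;;
---private-keys-only | --secretkeys | --only-secret | -s)
+--secretkeys | --only-secret | -s)
 _arg_secretkeys_only=true
 ;;
 --dryrun | --dry-run | -d)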
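Review bot: The new `--symmetric` step in generate_privkey_bak still leaks the backup passphrase: `echo "[private-keys-backup] Here's the encrypted passphrase for ${BACKUP_FILE_PASSWORD}"` prints it to the terminal, the dry-run echo repeats it, and `--passphrase "${BACKUP_FILE_PASSWORD}"` puts it on gpg's command line, where other local users can read it from the process list and where DEBUG's `set -x` would trace it. I would drop the echo and hand the passphrase over on a descriptor, `--pinentry-mode loopback --passphrase-fd 3` with `3<<<"${BACKUP_FILE_PASSWORD}"` on the gpg call; on GnuPG 2.1 and later `--passphrase` is only honoured with loopback pinentry, so the current call may prompt regardless. The unencrypted `gpg-keys-backup-${TIMESTAMP}.asc` also seems to remain in EXPORT_DIR, since nothing in the visible lines removes it; deleting it after a successful encryption, or piping `--export-secret-keys` straight into the encrypting gpg, would avoid leaving secret keys in cleartext on disk. Part of the function body (new lines 46–50) falls between hunks, so cleanup there cannot be ruled out.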