
providers:
  # Provider: SSH
  # ==================
  # Declares the local SSH key service (create/delete commands) and the
  # SSH-related resource definitions (certificate, keypair, unix account).
  ssh:
    services:
      local.ssh_key:
        desc: Local ssh key
        # NOTE(review): this service uses `inputs:` while the other services in
        # this file use `input:` - confirm which key the loader reads.
        inputs:
          ssh_key_secret: ""
          ssh_key_alg: "ed25519"
        commands:
          ssh new:
            desc: Create new SSH key
            # shell: |
            # echo "This is my shelll !!! $SHELL"
            # env | grep jez
            # cmd: |
            # env
            # # echo Create ssh key: {{ssh_key_alg}} for ident '{{ident}}' with pass: {{ssh_key_secret}}
            #
            # Review notes on the script below:
            # - Every command is prefixed with `echo`, so the script only prints
            #   the mkdir / ssh-keygen invocations; nothing is created.
            # - When ssh_key_secret is set, the passphrase is rendered into the
            #   `-N` argument. The `echo` prints it to the terminal, and once
            #   the `echo` is dropped it would sit on the ssh-keygen command
            #   line. Leaving -N out makes ssh-keygen prompt for it instead.
            # - `-t ed25519` is hard-coded while SSH_KEY_ALG only feeds the file
            #   name and the key comment, so another ssh_key_alg value would
            #   label the key with an algorithm it does not use.
            # - Template values are substituted into the script unquoted; they
            #   are assumed to be shell-safe - TODO confirm where ident and
            #   user come from.
            shell: |
              # env | sort
              # echo
              SSH_KEY_ALG={{ssh_key_alg}}
              SSH_KEY_VERSION="$(date +'%Y%m%d')"
              SSH_KEY_HOST="$(hostname -f)"
              SSH_KEY_FILE=$HOME/.ssh/{{ident}}/{{user}}_${SSH_KEY_ALG}_${SSH_KEY_VERSION}
              SSH_KEY_COMMENT={{user}}@${SSH_KEY_HOST}:${SSH_KEY_ALG}_${SSH_KEY_VERSION}
              echo mkdir -p $HOME/.ssh/{{ident}}/
              echo ssh-keygen -f "${SSH_KEY_FILE}" \
              -t ed25519 -a 100 \
              {% if ssh_key_secret %}-N "{{ssh_key_secret}}"{%endif%} \
              -C "$SSH_KEY_COMMENT"
          ssh delete:
            desc: Delete existing SSH key
            # The command only lists the matching key files with find; it does
            # not remove anything. It is declared with `cmd:` where the other
            # commands use `shell:` - presumably a different runner, verify.
            cmd: |
              find $HOME/.ssh/{{ident}}/ -name "{{user}}_*"
    resources_def:
      auth.ssh_certificate:
        desc: SSH Certificates
        input:
          ssh_cert_file: null
        needs:
          - auth.ssh_key
      auth.ssh_key:
        desc: SSH Keypair
        input:
          ssh_key_file: null
          ssh_key_secret: null
        needs:
          - kind: auth.password
            remap:
              # NOTE(review): `passord` may be a typo for `password` - confirm
              # against the auth.password resource before changing it.
              ssh_key_secret: passord
      account.ssh:
        desc: Unix account
        input:
          host: null
    # service.local.ssh_key:
    # desc: A local ssh key
    # resources:
    # service.local.ssh_agent:
    # enabled: true
    # service.local.ssh_agent_keys:
    # enabled: true
    # loop:
    # - auth.ssh_key:{ident}/ed25519
    # - auth.ssh_key:{ident}/rsa4096
    # - auth.ssh_key:{ident}/rsa2048
    # - auth.ssh_key:{ident}/rsa1024
    # - auth.ssh_key:{ident}
    # loop_limit: 3
# Provider: GPG Agent
# ==================
  # Declares the GPG keypair resource. No services or commands are defined
  # for this provider in the visible part of the file.
  gpg_agent:
    resources_def:
      auth.gpg_key:
        desc: GPG keypair
        input:
          gpg_key_file: null
          gpg_key_secret: null
        needs:
          - kind: auth.password
            remap:
              # NOTE(review): `passord` may be a typo for `password` - confirm
              # against the auth.password resource before changing it.
              gpg_key_secret: passord
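# Provider: SSH Agent
# ==================
  # Runs one ssh-agent per identity user. The agent socket lives at
  # $HOME/.local/state/ssh-agent/<user>, and the agent's environment output
  # is stored next to it as <user>.env, which the enable/stop commands source.
  ssh_agent:
    services:
      local.ssh_agent:
        desc: Local ssh-agent
        input:
          # NOTE(review): ssh_agent_socket_dir is not referenced by the commands
          # below, which build the socket path under $HOME/.local/state.
          ssh_agent_socket_dir: /run/user/ssh-agent
          ssh_agent_tmout: 7d
        commands:
          shell_start:
            desc: Start ssh-agent
            shell: |
              socket=$HOME/.local/state/ssh-agent/{{user}}
              # ssh-add -l exits 2 when no agent answers on the socket, so 2
              # is the "not running" default.
              running=2
              if [[ -e "$socket.env" && -e "$socket" ]]; then
                # $? is ssh-add's exit status (the original echoed an unset $rc,
                # so a dead agent was never detected on this path).
                running=$(SSH_AUTH_SOCK="$socket" ssh-add -l &>/dev/null; echo $?)
                if [[ "$running" -eq 2 ]]; then
                  # Nothing answers on this socket: drop the stale file so the
                  # new agent can bind to the same path.
                  rm -f "$socket"
                fi
              fi

              if [[ "$running" -eq 2 ]]; then
                # Start agent
                >&2 echo "Start ssh-agent for {{ident}}"
                mkdir -p "${socket%/*}"
                # The env file is sourced by shell_enable and shell_stop, so it
                # is created readable and writable by its owner only.
                (umask 077; ssh-agent -a "$socket" -t {{ssh_agent_tmout}} > "$socket.env")
              fi
              unset socket running
              # if [[ -d "/run/user/$(id -u)" ]]; then
              # socket=/run/user/$(id -u)/ssh-agent/{{user}}
              # else
              # fi
          shell_enable:
            desc: Enable ssh-agent
            shell: |
              socket=$HOME/.local/state/ssh-agent/{{user}}
              if [[ -e "$socket.env" ]]; then
                # >&2 echo "Enable ssh-agent for {{ident}}"
                # Sourcing runs whatever the file contains in the current shell,
                # so the file must stay writable by its owner only.
                source "$socket.env" >/dev/null
              fi
              unset socket
          shell_disable:
            desc: Disable ssh-agent
            shell: |
              unset SSH_AUTH_SOCK SSH_AGENT_PID
          shell_stop:
            desc: Kill ssh-agent
            shell: |
              socket=$HOME/.local/state/ssh-agent/{{user}}
              if [[ -e "$socket.env" ]]; then
                # >&2 echo "Enable ssh-agent for {{ident}}"
                source "$socket.env" >/dev/null
              # fi
              # if [[ -n "$SSH_AGENT_PID" ]]; then
                >&2 echo "Kill ssh-agent for {{ident}}"
                # ssh-agent -k kills the agent named by SSH_AGENT_PID, loaded
                # from the env file above; no eval is needed to run it.
                ssh-agent -k >/dev/null
                [[ -e "$socket.env" ]] && rm "$socket.env" || true
              fi
              unset socket
              # env_file="$HOME/.local/state/ssh-agent/{{user}}.env"
              # if [[ -f "$env_file" ]]; then
              # source "$env_file"
              # fi
              # if [[ -f "$env_file" ]]; then
              # rm "$env_file"
              # fi
      local.ssh_agent_keys:
        desc: Local ssh-agent keys
        commands:
          # The original had the two commands crossed: `ssh add` was described
          # as unloading and ran `ssh-agent -d` (the agent's debug mode, not key
          # removal), while `ssh rm` was described as loading and ran ssh-add.
          ssh add:
            desc: Load keys into ssh-agent
            shell: |
              ssh-add {% for item in loop %} {{item.ssh_key_file}} {% endfor %}
          ssh rm:
            desc: Unload keys from ssh-agent
            # NOTE(review): the single-brace placeholder is kept from the
            # original; the other scripts use {{...}} - confirm how this
            # value is rendered.
            shell: ssh-add -d {ssh_key_file}
        required_services:
          - local.ssh_agent
    resources_def:
      service.local.ssh_agent:
        desc: Configure ssh-agent daemon
      service.local.ssh_agent_keys:
        desc: Configure ssh-agent keys autoloader
    resources:
      service.local.ssh_agent:
        enabled: true
      service.local.ssh_agent_keys:
        enabled: true
        # NOTE(review): 1024-bit RSA is considered too weak for new keys; the
        # rsa1024 entry is presumably kept for legacy hosts - confirm it is
        # still needed.
        loop:
          - auth.ssh_key:{ident}/ed25519
          - auth.ssh_key:{ident}/rsa4096
          - auth.ssh_key:{ident}/rsa2048
          - auth.ssh_key:{ident}/rsa1024
          - auth.ssh_key:{ident}
        loop_limit: 3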
# Provider: Git Config
# ==================
  # Exports the git author/committer identity for the active ident and,
  # through local.git_home, GIT_DIR / GIT_WORK_TREE for the home directory.
  git:
    services:
      local.git:
        desc: Git identity
        # input:
        # ssh_agent_socket_dir: /run/user/ssh-agent
        # ssh_agent_tmout: 7d
        commands:
          shell_enable:
            desc: Enable git identity
            # ident and email are rendered inside single quotes; a value that
            # contains a single quote would end the quoting early. Assumed not
            # to occur - TODO confirm the values are validated upstream.
            shell: |
              export GIT_AUTHOR_NAME='{{ident}}'
              export GIT_AUTHOR_EMAIL='{{email}}'
              export GIT_COMMITTER_NAME='{{ident}}'
              export GIT_COMMITTER_EMAIL='{{email}}'
          shell_disable:
            desc: Disable git identity
            shell: |
              unset GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
      local.git_home:
        desc: Home as git repo
        # NOTE(review): GIT_DIR is set from git_dir (default "$HOME") and
        # GIT_WORK_TREE from git_work_tree plus the ident. For a home directory
        # tracked in git one would expect the work tree to be $HOME and the git
        # dir to live under .local/share - confirm the two are not swapped.
        input:
          git_dir: "$HOME"
          git_work_tree: $HOME/.local/share/home_git
        commands:
          shell_enable:
            desc: Enable git home management
            shell: |
              export GIT_DIR="{{git_dir}}"
              export GIT_WORK_TREE="{{git_work_tree}}/{{ ident }}"
          shell_disable:
            desc: Disable git home management
            shell: |
              unset GIT_DIR GIT_WORK_TREE
        required_services:
          - local.git
    resources_def:
      service.local.git:
        desc: Configure git
      service.local.git_home:
        desc: Configure home as git repo
    resources:
      service.local.git:
        enabled: true
        uses:
          - account:{user}
      # Disabled by default
      # (the key below has no value, so it parses as null)
      service.local.git_home:
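# Provider: PS1 Config
# ==================
  # Prefixes the shell prompt with the active ident while it is enabled and
  # puts the previous prompt back when it is disabled.
  ps1:
    services:
      local.ps1:
        desc: PS1 prompt
        input:
          enabled: true
        commands:
          shell_enable:
            desc: Enable PS1
            shell: |
              # Save the prompt only once, so enabling twice does not overwrite
              # the saved value with an already decorated prompt.
              if [[ -z "${OLD_PS1+x}" ]]; then
                export OLD_PS1=$PS1
              fi
              # Each colour sequence is wrapped in \[ ... \] so bash does not
              # count it towards the prompt width (the original only closed it).
              export PS1="\[\033[0;34m\]({{ident}})\[\033[00m\] ${PS1}"
          shell_disable:
            desc: Disable PS1
            shell: |
              if [[ -n "${OLD_PS1+x}" ]]; then
                # Put back the prompt saved by shell_enable.
                export PS1="$OLD_PS1"
                unset OLD_PS1
              else
                # Nothing was saved: fall back to the Debian-style default.
                export PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
              fi
    resources_def:
      service.local.ps1:
        desc: PS1 prompt
    resources:
      service.local.ps1:
        desc: Custom Ident PS1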
# EXISTING
# WARN__: Your workspace is already activated
# NOTICE: Enabling id ...
# export SHELL_ID='mrjk'
# export GIT_AUTHOR_NAME='mrjk'
# export GIT_AUTHOR_EMAIL='mrjk.78@gmail.com'
# export GIT_COMMITTER_NAME='mrjk'
# export GIT_COMMITTER_EMAIL='mrjk.78@gmail.com'
# NOTICE: Enabling gpg ...
# export GNUPGHOME=/home/jez/.config/gpg/mrjk
# export GPG_AGENT_INFO=/run/user/1000/pgp-agent/mrjk/socket
# export GPG_DEFAULT_ID=mrjk
# export GPG_TTY=/dev/pts/48
# export GNUPGHOME=/home/jez/.config/gpg/mrjk
# NOTICE: Enabling ssh ...
# export SSH_AUTH_SOCK=/run/user/1000/ssh-agent/mrjk/socket
# NOTICE: Enabling gh ...
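# NOTE(review): a GitHub token was pasted here in clear text. It is replaced by a placeholder; the original value should be treated as exposed and revoked.
# export GH_TOKEN="<REDACTED_GITHUB_TOKEN>"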
# export GH_REPO="mrjk"
# NOTICE: Enabling gitea ...
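# NOTE(review): the value pasted here was a 40-character hex string that looks like an access token rather than a URL. It is replaced by a placeholder; treat the original as exposed.
# export GITEA_SERVER_URL="<REDACTED_VALUE>"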
# export GITEA_LOGIN="mrjk@git.jeznet.org"
# NOTICE: Enabling ps1 ...
# export PS1="\[\](mrjk)\[\] ${IDM_SHELL_PS1}"
# NOTICE: Identity 'mrjk' is loaded