python-shctl-iam/iam/plugins/local.yml

providers:

  # Provider: SSH
  # ==================
  ssh:

    services:
      local.ssh_key:
        desc: Local ssh key
        inputs:
          ssh_key_secret: ""
          ssh_key_alg: "ed25519"

        commands:
              
          new: 
            desc: Create new SSH key
            cmd: |
              SSH_KEY_ALG={{ssh_key_alg}}

              SSH_KEY_VERSION="$(date +'%Y%m%d')"
              SSH_KEY_HOST="$(hostname -f)"

              SSH_KEY_FILE=$HOME/.ssh/{ident}/{user}_${SSH_KEY_ALG}_${SSH_KEY_VERSION}
              SSH_KEY_COMMENT={user}@${SSH_KEY_HOST}:${SSH_KEY_ALG}_${SSH_KEY_VERSION}

              ssh-keygen -f "{SSH_KEY_FILE}" \
              -t ed25519 -a 100 \
              -N "{{ssh_key_secret}}" \
              -C "$SSH_KEY_COMMENT"

          delete: 
            desc: Delete existing SSH key
            cmd: |
              find $HOME/.ssh/{ident}/ -name "{user}_*"




    resources_def:


      auth.ssh_certificate:
        desc: SSH Certificates
        input:
          ssh_cert_file: null
        needs:
        - auth.ssh_key

      auth.ssh_key:
        desc: SSH Keypair
        input:
          ssh_key_file: null
          ssh_key_secret: null
        needs:
        - kind: auth.password
          remap:
            ssh_key_secret: passord

      account.ssh:
        desc: Unix account
        input:
          host: null


      # service.local.ssh_key:
      #   desc: A local ssh key
        


    # resources:

    #   service.local.ssh_agent:
    #     enabled: true

    #   service.local.ssh_agent_keys:
    #     enabled: true
    #     loop:
    #     - auth.ssh_key:{ident}/ed25519
    #     - auth.ssh_key:{ident}/rsa4096
    #     - auth.ssh_key:{ident}/rsa2048
    #     - auth.ssh_key:{ident}/rsa1024
    #     - auth.ssh_key:{ident}
    #     loop_limit: 3




  # Provider: GPG Agent
  # ==================
  gpg_agent:


    resources_def:

      auth.gpg_key:
        desc: GPG keypair
        input:
          gpg_key_file: null
          gpg_key_secret: null
        needs:
        - kind: auth.password
          remap:
            gpg_key_secret: passord


  # Provider: SSH Agent
  # ==================
  ssh_agent:

    services:

      local.ssh_agent:
        desc: Local ssh-agent
        input:
          ssh_agent_socket_dir: /run/user/ssh-agent
          ssh_agent_tmout: 7d

        commands:
          
          shell_enable:
            desc: Enable ssh-agent
            cmd: |
              export SSH_AUTH_SOCK={{ssh_agent_socket_dir}}/{{user}}
              ssh-agent -a $SSH_AUTH_SOCK -t {{ssh_agent_tmout}}
              # SSH_AGENT_PID= ???

          shell_disable:
            desc: Disable ssh-agent
            cmd: ssh-agent -k && unset SSH_AUTH_SOCK

        

      local.ssh_agent_keys:
        desc: Local ssh-agent keys

        commands:
          enable:
            desc: Unload keys into ssh-agent
            cmd: ssh-agent -d {ssh_key_file}

          disable:
            desc: Load keys into ssh-agent
            cmd: |
              ssh-add {% for item in loop %} {{item.ssh_key_file}} {% endfor %}

        
        required_services:
          - local.ssh_agent


    resources_def:

      service.local.ssh_agent:
        desc: Configure ssh-agent daemon

      service.local.ssh_agent_keys:
        desc: Configure ssh-agent keys autoloader


    resources:

      service.local.ssh_agent:
        enabled: true

      service.local.ssh_agent_keys:
        enabled: true
        loop:
        - auth.ssh_key:{ident}/ed25519
        - auth.ssh_key:{ident}/rsa4096
        - auth.ssh_key:{ident}/rsa2048
        - auth.ssh_key:{ident}/rsa1024
        - auth.ssh_key:{ident}
        loop_limit: 3





  # Provider: Git Config
  # ==================
  git:

    services:

      local.git:
        desc: Git identity
        # input:
        #   ssh_agent_socket_dir: /run/user/ssh-agent
        #   ssh_agent_tmout: 7d

        commands:
          
          shell_enable:
            desc: Enable git identity
            cmd: |
              export GIT_AUTHOR_NAME='{{ident}}'
              export GIT_AUTHOR_EMAIL='{{email}}'
              export GIT_COMMITTER_NAME='{{ident}}'
              export GIT_COMMITTER_EMAIL='{{email}}'


          shell_disable:
            desc: Disable git identity
            cmd: |
              unset GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL


      local.git_home:
        desc: Home as git repo
        input:
          git_dir: "$HOME"
          git_work_tree: $HOME/.local/share/home_git

        commands:
          
          shell_enable:
            desc: Enable git home management
            cmd: |
              export GIT_DIR="{{git_dir}}"
              export GIT_WORK_TREE="{{git_work_tree}}/{{ ident }}"

          shell_disable:
            desc: Disable git home management
            cmd: |
              unset GIT_DIR GIT_WORK_TREE

        required_services:
          - local.git

    resources_def:

      service.local.git:
        desc: Configure git

      service.local.git_home:
        desc: Configure home as git repo

    resources:

      service.local.git:
        enabled: true
        uses:
          - account:{user}

      # Disabled by default
      service.local.git_home:



  # Provider: PS1 Config
  # ==================
  ps1:

    services:

      local.ps1:
        desc: PS1 prompt
        input:
          enabled: True

        commands:
          
          shell_enable:
            desc: Enable git identity
            cmd: |
              OLD_PS1=$PS1
              export PS1="\[\033[0;34m\]({{ident}})\[\033[00m\] ${PS1}"

          shell_disable:
            desc: Disable git identity
            cmd: |
              export PS1=$OLD_PS1




    resources_def:
      service.local.ps1:
        desc: PS1 prompt


    resources:

      service.local.ps1:
        desc: Custom Ident PS1



# EXISTING

# WARN__: Your workspace is already activated
# NOTICE: Enabling id ...
# export SHELL_ID='mrjk'
# export GIT_AUTHOR_NAME='mrjk'
# export GIT_AUTHOR_EMAIL='mrjk.78@gmail.com'
# export GIT_COMMITTER_NAME='mrjk'
# export GIT_COMMITTER_EMAIL='mrjk.78@gmail.com'

# NOTICE: Enabling gpg ...
# export GNUPGHOME=/home/jez/.config/gpg/mrjk
# export GPG_AGENT_INFO=/run/user/1000/pgp-agent/mrjk/socket
# export GPG_DEFAULT_ID=mrjk
# export GPG_TTY=/dev/pts/48
# export GNUPGHOME=/home/jez/.config/gpg/mrjk

# NOTICE: Enabling ssh ...
# export SSH_AUTH_SOCK=/run/user/1000/ssh-agent/mrjk/socket

# NOTICE: Enabling gh ...
# export GH_TOKEN="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"
# export GH_REPO="mrjk"

# NOTICE: Enabling gitea ...
# export GITEA_SERVER_URL="ad808bc88fa37bce5e3bb963f1420aa575194d30"
# export GITEA_LOGIN="mrjk@git.jeznet.org"

# NOTICE: Enabling ps1 ...
# export PS1="\[\](mrjk)\[\] ${IDM_SHELL_PS1}"

# NOTICE: Identity 'mrjk' is loaded