Initial try to use chezmoi to manage root dir

Handle apt repositories with chezmoi
felipecrs · Dec 9, 2021 · b402072 · b402072
1 parent 716d4f1
commit b402072
Show file tree

Hide file tree

Showing 13 changed files with 118 additions and 50 deletions.
diff --git a/.shellcheckrc b/.shellcheckrc
@@ -1,12 +1,9 @@
-# Available in ShellCheck v0.7.2
 enable=add-default-case
 enable=avoid-nullary-conditions
+enable=check-extra-masked-returns
+enable=check-set-e-suppressed
 enable=check-unassigned-uppercase
 enable=deprecate-which
 enable=quote-safe-variables
-enable=require-variable-braces
-
-# Not available in ShellCheck v0.7.2
-enable=check-extra-masked-returns
-enable=check-set-e-suppressed
 enable=require-double-brackets
+enable=require-variable-braces
diff --git a/home/dot_local/bin/executable_rootmoi.tmpl b/home/dot_local/bin/executable_rootmoi.tmpl
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+readonly config_dir="${HOME}/.config/rootmoi"
+
+readonly config="${config_dir}/chezmoi.yaml"
+readonly persistent_state="${config_dir}/chezmoistate.boltdb"
+
+exec sudo "{{ .chezmoi.executable }}" \
+  --config="${config}" \
+  --persistent-state="${persistent_state}" \
+  "$@"
diff --git a/home/private_dot_config/private_rootmoi/private_chezmoi.yaml.tmpl b/home/private_dot_config/private_rootmoi/private_chezmoi.yaml.tmpl
@@ -0,0 +1,15 @@
+{{- $chezmoiData := deepCopy . -}}
+{{- $chezmoiData = unset $chezmoiData "chezmoi" -}}
+
+sourceDir: "{{ joinPath .chezmoi.workingTree "root" }}"
+
+destDir: "/"
+
+verbose: true
+
+diff:
+  exclude:
+    - scripts
+
+data:
+{{ $chezmoiData | toYaml | indent 2 }}
diff --git a/home/run_always_after_9_apply_root.sh.tmpl b/home/run_always_after_9_apply_root.sh.tmpl
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+echo "Applying chezmoi to root..."
+
+executable='{{ joinPath .chezmoi.homeDir ".local/bin/rootmoi" }}'
+args=({{ range (rest .chezmoi.args) }} {{ . | quote }}{{ end }})
+
+echo "Executing: ${executable} ${args[@]}"
+exec "${executable}" "${args[@]}"
diff --git a/home/run_onchange_before_1_setup_apt_packages.sh.tmpl b/home/run_onchange_before_1_setup_apt_packages.sh.tmpl
@@ -4,31 +4,6 @@ set -euo pipefail
 
 echo "Installing apt packages"
 
-{{ if not .is_devcontainer -}}
-echo "Installing pre-requisites"
-if ! sudo apt update; then
-  echo "Ignoring failure because it may be due to ca-certificates"
-fi
-sudo apt install -y software-properties-common ca-certificates curl gnupg
-echo "Setting up repositories"
-sudo add-apt-repository --no-update -y ppa:git-core/ppa
-docker_apt_repo="deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ .chezmoi.osRelease.ubuntuCodename }} stable"
-# This ensures that the docker repo is not inside /etc/apt/sources.list
-sudo add-apt-repository --no-update -y --remove "$docker_apt_repo"
-echo "$docker_apt_repo" | sudo tee /etc/apt/sources.list.d/docker.list
-unset docker_apt_repo
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
-kubic_apt_repo="deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ .chezmoi.osRelease.versionID }}/ /"
-# This ensures that the kubic repo is not inside /etc/apt/sources.list
-sudo add-apt-repository --no-update -y --remove "$kubic_apt_repo"
-echo "$kubic_apt_repo" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
-unset kubic_apt_repo
-curl -fsSL https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ .chezmoi.osRelease.versionID }}/Release.key | sudo apt-key add -
-{{ if eq .chezmoi.osRelease.versionID "18.04" -}}
-sudo add-apt-repository --no-update -y ppa:communitheme/ppa
-{{ end -}}
-{{ end -}}
-
 readarray -t apt_packages <<'EOF'
 zsh
 direnv
@@ -83,29 +58,10 @@ sudo apt install -y "${apt_packages[@]}"
 {{ if not .is_devcontainer -}}
 echo "Configuring Docker"
 sudo usermod -aG docker "{{ .chezmoi.username }}"
-if [[ ! -f /etc/docker/daemon.json ]]; then
-  sudo mkdir -p /etc/docker
-  echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null
-fi
-jq --raw-output '.features.buildkit = true' /etc/docker/daemon.json | tee /tmp/daemon.json >/dev/null && sudo mv -f /tmp/daemon.json /etc/docker/daemon.json
-
-echo "Installing compose-switch (docker-compose v1 compatibility)"
-{{   $composeSwitchVersion := output "curl" "-fsSL" "-o" "/dev/null" "-w" "%{url_effective}" "https://github.com/docker/compose-switch/releases/latest" | trim | base -}}
-sudo curl -fsSL "https://github.com/docker/compose-switch/releases/download/{{ $composeSwitchVersion }}/docker-compose-linux-amd64" --output /usr/local/bin/docker-compose
-sudo chmod +x /usr/local/bin/docker-compose
 
 {{ if .is_wsl -}}
 echo "Setting up docker service in WSL initalization"
 sudo crudini --set /etc/wsl.conf boot command '"service docker start"'
-{{   $dockerCredsVersion := output "curl" "-fsSL" "-o" "/dev/null" "-w" "%{url_effective}" "https://github.com/docker/docker-credential-helpers/releases/latest" | trim | base -}}
-echo "Installing docker credential helper for WSL"
-curl -fsSL "https://github.com/docker/docker-credential-helpers/releases/download/{{ $dockerCredsVersion }}/docker-credential-wincred-{{ $dockerCredsVersion }}-amd64.zip" | zcat | sudo tee /usr/bin/docker-credential-wincred.exe >/dev/null
-sudo chmod +x /usr/bin/docker-credential-wincred.exe
-{{ else if .is_gnome -}}
-{{   $dockerCredsVersion := output "curl" "-fsSL" "-o" "/dev/null" "-w" "%{url_effective}" "https://github.com/docker/docker-credential-helpers/releases/latest" | trim | base -}}
-echo "Installing docker credential helper for GNOME"
-curl -fsSL "https://github.com/docker/docker-credential-helpers/releases/download/{{ $dockerCredsVersion }}/docker-credential-secretservice-{{ $dockerCredsVersion }}-amd64.tar.gz" | tar -xzf - -O | sudo tee /usr/bin/docker-credential-secretservice >/dev/null
-sudo chmod +x /usr/bin/docker-credential-secretservice
 {{- end }}
 
 {{ if not .is_wsl | and .is_gnome | and (not (lookPath "git-credential-manager-core")) -}}

diff --git a/root/.chezmoiexternal.yaml b/root/.chezmoiexternal.yaml
@@ -0,0 +1,49 @@
+"usr/share/keyrings/docker-archive-keyring.gpg":
+  type: file
+  url: "https://download.docker.com/linux/{{ .chezmoi.osRelease.id }}/gpg"
+  filter:
+    command: gpg
+    args: ["--dearmor"]
+
+"usr/share/keyrings/kubic-archive-keyring.gpg":
+  type: file
+  url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ .chezmoi.osRelease.versionID }}/Release.key"
+  filter:
+    command: gpg
+    args: ["--dearmor"]
+
+"usr/share/keyrings/git-core-ppa-archive-keyring.gpg":
+  type: file
+  url: "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xE1DD270288B4E6030699E45FA1715D88E1DF1F24"
+  filter:
+    command: gpg
+    args: ["--dearmor"]
+
+"usr/share/keyrings/communitheme-ppa-archive-keyring.gpg":
+  type: file
+  url: "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xDEE9D5E11727231736FD173F03D12CDECFB24D48"
+  filter:
+    command: gpg
+    args: ["--dearmor"]
+
+{{ $composeSwitchVersion := (gitHubLatestRelease "docker/compose-switch").TagName -}}
+"usr/local/bin/docker-compose":
+  type: file
+  url: "https://github.com/docker/compose-switch/releases/download/{{ $composeSwitchVersion }}/docker-compose-linux-amd64"
+  executable: true
+
+{{ $dockerCredsVersion := (gitHubLatestRelease "docker/docker-credential-helpers").TagName -}}
+"usr/bin/docker-credential-wincred.exe":
+  type: file
+  url: "https://github.com/docker/docker-credential-helpers/releases/download/{{ $dockerCredsVersion }}/docker-credential-wincred-{{ $dockerCredsVersion }}-amd64.zip"
+  executable: true
+  filter:
+    command: zcat
+
+"usr/bin/docker-credential-secretservice":
+  type: file
+  url: "https://github.com/docker/docker-credential-helpers/releases/download/{{ $dockerCredsVersion }}/docker-credential-secretservice-{{ $dockerCredsVersion }}-amd64.tar.gz"
+  executable: true
+  filter:
+    command: tar
+    args: ["-xzOf-"]
diff --git a/root/.chezmoiignore b/root/.chezmoiignore
@@ -0,0 +1,10 @@
+{{- if not (eq .chezmoi.osRelease.versionCodename "bionic") -}}
+etc/apt/sources.list.d/communitheme-ppa.list
+usr/share/keyrings/communitheme-ppa-archive-keyring.gpg
+{{- end }}
+
+{{ if .is_wsl -}}
+usr/bin/docker-credential-secretservice
+{{- else -}}
+usr/bin/docker-credential-wincred.exe
+{{- end }}
diff --git a/root/.chezmoiremove b/root/.chezmoiremove
@@ -0,0 +1,3 @@
+etc/apt/sources.list.d/git-core-ubuntu-ppa-*.list*
+etc/apt/sources.list.d/communitheme-ubuntu-ppa-*.list*
+etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list*
diff --git a/root/etc/apt/sources.list.d/communitheme-ppa.list.tmpl b/root/etc/apt/sources.list.d/communitheme-ppa.list.tmpl
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/communitheme-ppa-archive-keyring.gpg] http://ppa.launchpad.net/communitheme/ppa/ubuntu {{ .chezmoi.osRelease.ubuntuCodename }} main
diff --git a/root/etc/apt/sources.list.d/docker.list.tmpl b/root/etc/apt/sources.list.d/docker.list.tmpl
@@ -0,0 +1 @@
+deb [arch={{ .chezmoi.arch }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/{{ .chezmoi.osRelease.id }} {{ .chezmoi.osRelease.versionCodename }} stable
diff --git a/root/etc/apt/sources.list.d/git-core-ppa.list.tmpl b/root/etc/apt/sources.list.d/git-core-ppa.list.tmpl
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/git-core-ppa-archive-keyring.gpg] http://ppa.launchpad.net/git-core/ppa/ubuntu {{ .chezmoi.osRelease.ubuntuCodename }} main
diff --git a/root/etc/apt/sources.list.d/kubic.list.tmpl b/root/etc/apt/sources.list.d/kubic.list.tmpl
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/kubic-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ .chezmoi.osRelease.versionID }}/ /
diff --git a/root/etc/docker/modify_daemon.json.tmpl b/root/etc/docker/modify_daemon.json.tmpl
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -euo pipefail
+
+jq=(jq --raw-output --tab)
+json=$(cat /dev/stdin)
+
+if [[ -z "${json}" ]]; then
+  json='{}'
+fi
+
+json=$("${jq[@]}" '.features.buildkit = true' <<<"${json}")
+
+echo -n "${json}"