msaldain/STP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
STP/modules/ssh.sh
T
msaldain bd78fd9fbe Configuracion inicial completa del entorno personal 
Modulos de restauracion:
- bootstrap: instala yq, age y dependencias base (curl, wget, git, nano, gpg)
- ssh: descifra e instala claves SSH desde secrets/sshKeys.tar.gz.age
- registry: aplica paquetes apt/snap/flatpak, dotfiles, servicios y configs Docker
- thunderbird: instala Thunderbird snap y restaura perfil desde ZIP
- claudeCode: configura repositorio apt de Anthropic e instala claude-code
- easyEffects: restaura configuracion y presets desde ZIP
- wireplumber: restaura dispositivo Bluetooth por defecto y perfiles de audio
- cups: restaura impresoras y drivers PPD desde ZIP

Scripts de captura (correr antes de push):
- scripts/encryptSsh.sh: cifra ~/.ssh con age
- scripts/thunderbird/capture.sh: captura perfil de Thunderbird snap
- scripts/easyEffects/capture.sh: captura config de EasyEffects flatpak
- scripts/wireplumber/capture.sh: captura estado de WirePlumber
- scripts/cups/capture.sh: captura impresoras CUPS y PPDs (requiere sudo)

Registro de aplicaciones (config/registry.yaml):
- 9 paquetes apt, 1 snap (dbeaver-ce), 22 flatpaks incluyendo VSCodium,
  Bitwarden, Inkscape, LibreOffice, OBS Studio, Nextcloud Desktop, entre otros

Secretos incluidos:
- secrets/sshKeys.tar.gz.age: claves SSH cifradas con age
- secrets/thunderbirdProfile.zip: perfil de Thunderbird sin emails ni cache
- secrets/easyEffectsConfig.zip: ajustes y presets de salida de audio
- secrets/wireplumberState.zip: estado de audio incluyendo auriculares Bluetooth
- secrets/cupsConfig.zip: 5 impresoras configuradas con sus drivers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-20 18:16:40 -03:00

85 lines
2.2 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
set -euo pipefail
source "$stpRoot/lib/log.sh"
source "$stpRoot/lib/utils.sh"
readonly sshDestination="$HOME/.ssh"
readonly encryptedArchive="$stpRoot/secrets/sshKeys.tar.gz.age"
sshPermissionsForFile() {
local keyFilename="$1"
case "$keyFilename" in
*.pub|known_hosts|config) echo 644 ;;
*) echo 600 ;;
esac
}
ensureSshDirectoryExists() {
if [[ ! -d "$sshDestination" ]]; then
mkdir -p "$sshDestination"
chmod 700 "$sshDestination"
fi
}
decryptArchiveInto() {
local workingDirectory="$1"
log::info "Ingresá la passphrase para descifrar las claves SSH:"
if ! age -d -o "$workingDirectory/sshKeys.tar.gz" "$encryptedArchive"; then
log::error "Error al descifrar. Verificá la passphrase."
return 1
fi
tar -xzf "$workingDirectory/sshKeys.tar.gz" -C "$workingDirectory"
}
installSshKey() {
local sourceFile="$1"
local keyFilename
keyFilename="$(basename "$sourceFile")"
local destination="$sshDestination/$keyFilename"
if [[ -f "$destination" ]]; then
log::warn "Ya existe (salteando): $keyFilename"
return 1
fi
cp "$sourceFile" "$destination"
chmod "$(sshPermissionsForFile "$keyFilename")" "$destination"
log::ok "Instalada: $keyFilename"
}
installAllKeysFrom() {
local sourceDirectory="$1"
local installedCount=0 skippedCount=0
for sourceFile in "$sourceDirectory/.ssh/"*; do
[[ -f "$sourceFile" ]] || continue
if installSshKey "$sourceFile"; then
((++installedCount))
else
((++skippedCount))
fi
done
log::ok "$installedCount clave(s) instaladas, $skippedCount salteada(s)"
}
if [[ ! -f "$encryptedArchive" ]]; then
log::warn "Archivo de claves no encontrado: secrets/sshKeys.tar.gz.age"
log::warn "Para cifrar tus claves actuales: bash scripts/encryptSsh.sh"
exit 0
fi
if ! util::cmdExists age; then
log::error "age no está instalado. Ejecutá primero el módulo bootstrap"
exit 1
fi
log::info "Restaurando claves SSH..."
workingDirectory="$(mktemp -d)"
trap 'rm -rf "$workingDirectory"' EXIT
decryptArchiveInto "$workingDirectory"
ensureSshDirectoryExists
installAllKeysFrom "$workingDirectory"
Reference in New Issue View Git Blame Copy Permalink