add dev container template

home/.chezmoi.yaml

@@ -1,2 +0,0 @@
-secret:
-  command: "cat"

home/.chezmoiexternal.toml

@@ -19,24 +19,3 @@
     type = "git-repo"
     url = "https://github.com/tmux-plugins/tpm"
     refreshPeriod = "168h"
-
-[".task"]
-    type = "git-repo"
-    url = "git@github.com:starr-dusT/task.git"
-    refreshPeriod = "168h"
-
-### OLD ###
-#[".config/xmonad/xmonad"]
-#    type = "git-repo"
-#    url = "https://github.com/xmonad/xmonad"
-#    refreshPeriod = "168h"
-#
-#[".config/xmonad/xmonad-contrib"]
-#    type = "git-repo"
-#    url = "https://github.com/xmonad/xmonad-contrib"
-#    refreshPeriod = "168h"
-#
-#[".config/xmonad/xmobar"]
-#    type = "git-repo"
-#    url = "https://codeberg.org/xmobar/xmobar"
-#    refreshPeriod = "168h"

home/.chezmoiignore.tmpl

@@ -1 +1,31 @@
 .oh-my-zsh/cache/**
+
+{{ if eq .chezmoi.osRelease.variantID "container" }}
+bin/**
+.local/**
+.taskopenrc
+.taskrc
+.config/btrbk/**
+.config/crafted-emacs/**
+.config/herbstluftwm/**
+.config/hypr/**
+.config/i3/**
+.config/khal/**
+.config/khard/**
+.config/mako/**
+.config/mpd/**
+.config/ncmpcpp/**
+.config/picom/**
+.config/polybar/**
+.config/qtile/**
+.config/retroarch/**
+.config/rofi/**
+.config/scratch/**
+.config/stumpwm/**
+.config/sway/**
+.config/vifm/**
+.config/waybar/**
+.config/xmobar/**
+.config/xmonad/**
+.config/zk/**
+{{ end }}

home/dot_config/lazygit/state.yml

@@ -1,6 +0,0 @@
-lastupdatecheck: 0
-recentrepos:
-- /home/tstarr/.dotfiles
-startuppopupversion: 5
-customcommandshistory: []
-hidecommandlog: false

home/private_dot_ssh/config

@@ -1,3 +1,3 @@
 Host github.com
   AddKeysToAgent yes
-  IdentityFile /run/secrets/github/starr-dusT
+  IdentityFile ~/.ssh/keys/github_personal 

provision/additional-setup.md

@@ -2,7 +2,15 @@
 
 The following documents some NixOS setup that wasn't automated.
 
-## Sops-nix
+## Encryption Keys
+
+### Github SSH
+
+Keys for SSH aren't automatically placed with chezmoi `secret` since it complicated
+things to much. The key for github SSH must be transferred manually from Bitwarden
+or `/run/secrets/keys/github_personal` to `~/.ssh/keys/github_personal`.
+
+### Sops-nix
 
 Encrypted keys for various aspects of the config are stored in `./secrets/secrets.yaml` 
 to the required key for decryption must be placed at `~/.config/sops/age/keys.txt`.

provision/modules/system/secrets.nix

@@ -10,17 +10,14 @@ in {
       defaultSopsFormat = "yaml";
       age.keyFile = "/home/${user}/.config/sops/age/keys.txt";
 
-      # Github secrets
-      secrets."github/starr-dusT" = { owner = "${user}"; };
+      # Keys
+      secrets."keys/github_personal" = { owner = "${user}"; };
 
       # Wireguard secrets
       secrets."wireguard/kestrel" = { owner = "${user}"; };
       secrets."wireguard/bulwark" = { owner = "${user}"; };
       secrets."wireguard/adjudicator" = { owner = "${user}"; };
       secrets."wireguard/torus" = { owner = "${user}"; };
-
-      # Homelab secrets
-      secrets."homelab/tstarr" = { owner = "${user}"; };
     };
   };
 }

provision/secrets/secrets.yaml

@@ -1,7 +1,5 @@
-homelab:
-    tstarr: ENC[AES256_GCM,data:gX6v3mQ7IhQ=,iv:6JYfIZrlWlmgSG7zgkNUkQqk1rz0Hdku+eFyzt+1TLc=,tag:QNRsQ7ML7UrBbTtPT20kbg==,type:str]
-github:
-    starr-dusT: ENC[AES256_GCM,data:/188MCdN6ls5tJ2URQ4hz2Ku7bOHPsR3/i2t9oH3HSwGEzghpwFfasc20mb5AXMa0+SUWRxfd5xKESo0nlnHlM4OCuS2oNG04Y1KXxCYb71EgKn4GhCY8H3/LN7AdlJ9yAi3wEk3cYZUPHTAmTgxuegiJ3+VlZpjikKDM/fvYq7Nl5SPdRrDrjTDEKn8pgeGoBYQnCTSAl86kVRzSqvkqCNThu4f+ipXw2vBCz0nN8aCj/OyTQwNUerPNiWzzCRN9rQr2cGKMiZ1zqpGalBFfmxhNpZxDzSHbvAA5Q69IG+Uka0dSaafPYTw6r8imEp0jHy8GfVHF/nhSv3wwMBjqBd1iVeyZ5EAYTUoMD3hlxASUnSL6OZkPlEZsEue5eGp0r5T7zwejefcxQ/4Tn46xKezybck4pjIb3txSl8Hvsjt78+CNO3Uw2k7B8SM6xsN7igYfcLXuUi1vYCB3Yhr6pRbEU5dAaLNYIPCTfX7tpFYHF9Xh6d60Y5YsgoXg3TNB+sbzkdvvT6q3w==,iv:fZ7nConYY/OhIqHrxxKXUuugMrKjvVBFuTFgq+w/yvM=,tag:awLu6xhqtJOkEGkde50vzQ==,type:str]
+keys:
+    github_personal: ENC[AES256_GCM,data:JQ0l0VNKjgf2yq7nZSED+6gf27ILfkvkdJkcsBLcX0K5isogtlF8Y8zI28dqLsSmriHf7L52fy3LjXDVkxXl8XupyPxJF3roeAxtj2rwXhVxMkAAEcWCaFUpa1UI5I2LIV2Ne32Ug6I5CKLlEzWXs7AImYJmmw0B6cn1hPyHJKc0I0My5A2b6LJq5J7mrJJ+PnybDNPW7QvZ0hIcqjNIXv1gcf9XMo6RU0dYnnRJaf6w/D5Nvrj15OG6oCe2C7e7O+JjgjQahUOOTlp1/5bbTW5ZDWEUxIn4llCsrkjjdKkYrCmYhQ45NLk+ZpWgXJZLgbfgc25nUOiLOoGbxO7kXienrY1y+t7/UA5AqKHj6575Iy5wN+P/XqzQ6ARkBh5Jy5gvrGFBtxcHml5J/j8ROJ9CoHmiT0jNycEll2yFcnIqAIbPqPuuu341sErFT33SMRzxKmlmyCCjaJrZB423NHqLiTA8oQ+mmkvOaE3cmuEU5oCT7OhL+RELbMNWjNOz7weNNgbt+fyy/U+VmtobLCllhRFDo0I/OFuFZ/UUqqEAAjv/NPk5V+7yCtBb9CmFROD9cG9xxx0mdkt8GHXYML7mIrCe/8ILKm3oWSVEA5w=,iv:0my7Q3Uog/nu3A3IprXuRAMTYmSv9YV1bo3BSAk2wlk=,tag:u41VgXeMBb2righhXUrPUA==,type:str]
 wireguard:
     kestrel: ENC[AES256_GCM,data:RLDesKMUtpurv+C2YkxMcbBdiP6cHHUGRCYkgO5Qf6FZLxl4vKRyhTdDzWc=,iv:V/9bpCMTT9YQ8QCNYdpfrhu0lc4Yt5Eu0DJMc0uZkNA=,tag:kFnN7GwT4UKqUyvOdlbXxg==,type:str]
     bulwark: ENC[AES256_GCM,data:wMMZ1zJ2nPvkAFA5SgcSyl1z+9blDqf/6pVp8olmGaXJsbWc+/gBtDKzTog=,iv:2lZdsFYZhiTumRmYN/q2606gpyS7lCjf4cgeaCIjoxo=,tag:o81+t3pRwfomEys1veQecA==,type:str]
@@ -22,8 +20,8 @@ sops:
             ajM3YlJYU21PaHRyaGlUNy84RHN2SE0KAvMFdqnfV0TzfNcBdY7OvRLZrBb9uXSI
             3y50yFhYnyXtWKLQFTwjN6S5dLaZgqhaGhEQyNCQxb5RGZJDR6g7Yw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-25T10:16:12Z"
-    mac: ENC[AES256_GCM,data:tlvq7Upl9+ci0chBo/y8IkNPjLuuh0srnqD3iiPTs1VCk6aW7E7ZWcoV8WH9HkD+xlD82mfs4500VPk/UC6Pe9d+BJX5PYqxPRp5sTQacjScC4y0TeMmTEaXwcsYo0faV1JSPCM5v1WmtRtE7GE7awewoIGs5q27TWoP6lBhafY=,iv:WWdfK4e9jt7WV8M5ACZ/tnaNDNiiihy9kauCbk/auu8=,tag:euzBqYNvaOxIB6Qu02UVvA==,type:str]
+    lastmodified: "2024-01-15T07:18:45Z"
+    mac: ENC[AES256_GCM,data:9+RGSBzLB+cEPm8DJXXHg1gJct+7rqNWfkTWs2klJ0ebNyOmIrM7YAyqve7RylUJAREp2wpWBvs61GhGOCvfe40eAdzLCkoPVP6GaDFoQ0aFZ8t3hY8dCFifOnlo2HgFJ3eAXmX4jM+EI1AaK1/inPJyDrD+asR5hi0hXPk5wkY=,iv:QsLkyf+wakIOqmH1UUgas03sZGQfF2yFzNEv4WM8U1g=,tag:1JwMUjMLdllU20AErWmOMw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3

resources/templates/dev_containers/Dockerfile

@@ -0,0 +1,57 @@
+FROM fedora:latest
+
+ENV TERM xterm-256color
+
+###############################################################################
+# install
+###############################################################################
+
+# base
+RUN dnf install -y \
+    git \
+    git-lfs \
+    python \
+    python3 \
+    python3-pip \
+    python3-tornado \ # for WebAgg matplotlib
+    gcc \
+    gcc-c++ \
+    make \
+    openssl-devel \
+    libffi-devel \
+    redhat-rpm-config \
+    vim \
+    tmux \
+    hostname \
+    && dnf clean all
+
+# user
+RUN dnf install -y \
+    neovim
+
+
+###############################################################################
+# general 
+###############################################################################
+
+# add user
+RUN useradd -u 1000 -g 100 -ms /bin/bash dev \
+    && echo 'dev:pass' | chpasswd
+RUN usermod -aG wheel dev
+
+###############################################################################
+# user config
+###############################################################################
+
+USER dev
+WORKDIR /home/dev
+
+RUN git clone --depth 1 https://github.com/wbthomason/packer.nvim \
+        ~/.local/share/nvim/site/pack/packer/start/packer.nvim
+
+# clone dotfiles
+RUN sh -c "$(curl -fsLS get.chezmoi.io)"
+ENV PATH="/home/dev/bin:${PATH}"
+RUN chezmoi init --apply https://github.com/starr-dusT/dotfiles
+
+CMD ["/bin/bash"]

resources/templates/dev_containers/dev.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+# https://github.com/starr-dusT/dotfiles
+
+image_name="<image name>"
+container_name="<container name>"
+
+# if container image doesn't exist build it
+if [ "$(docker images -q $image_name)" ]; then
+    echo "Image exists don't need to build..."
+else
+    docker run -t "$image_name" .
+fi
+
+# if container doesn't exist run it else start/attach
+if [ "$(docker ps -a --filter "status=exited" --format "{{.Names}}" -f name=$container_name)" ]; then
+    echo "Attaching to existing container..."
+    docker start "$container_name"
+    docker attach "$container_name"
+else
+    echo "Running new container..."
+    docker run --name "$container_name" --network host -v ./:/home/dev/src -it "$image_name"
+fi

resources/wireguard/adjudicator.conf

@@ -1,7 +1,7 @@
 [Interface]
 # your own IP on the wireguard network
 Address = 192.168.3.2/24
-PrivateKey = {{ (secret "/run/secrets/wireguard/adjudicator") }}
+PrivateKey = <replace with secret>
 
 [Peer]
 PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=

resources/wireguard/bulwark.conf

@@ -1,7 +1,7 @@
 [Interface]
 # your own IP on the wireguard network
 Address = 192.168.3.4/24
-PrivateKey = {{ (secret "/run/secrets/wireguard/bulwark") }}
+PrivateKey = <replace with secret>
 
 [Peer]
 PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=