julianprester/linux-provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5f8640c057fb61f461eab01c0a84967df9262675
linux-provisioning/stages/05-git.sh
Julian Prester f0e18fda45 Harden scripts for non-interactive provisioning 
- config/scripts/bw-load-ssh.sh: add ssh-agent retry loop (graphical
  session may not be ready when systemd fires); use process substitution
  instead of pipe to avoid subshell + set -e issues with LOADED counter
- stages/05-git.sh: remove interactive SSH key generation prompt (keys
  come from Bitwarden); pre-accept GitHub host key via ssh-keyscan
  to avoid first-connect prompt during git clone
- stages/04-shell.sh: add sudo chsh fallback (chsh may fail in
  non-interactive provisioning without PAM auth)
2026-06-07 14:34:25 +10:00

88 lines
2.5 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# ===========================================================================
# Stage 05: Git Configuration & SSH Keys
# Deploys .gitconfig and optionally generates SSH keys.
# ===========================================================================
# The Pop machine's .gitconfig is well-optimised:
# - SSH key signing (gpg.format = ssh)
# - zdiff3 conflict style, histogram diff algorithm
# - rerere.enabled, autoSquash, autoStash
# - push.autoSetupRemote, pull.rebase, fetch.prune
# ===========================================================================
CONFIG_DIR="${SCRIPT_DIR:-$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)}/config"
# ---- Deploy .gitconfig ----
info "Deploying .gitconfig..."
if [ -f "$HOME/.gitconfig" ]; then
cp "$HOME/.gitconfig" "$HOME/.gitconfig.bak.$(date +%Y%m%d)" 2>/dev/null
warn "Backed up existing .gitconfig"
fi
# Use the template from config/git/gitconfig
# NOTE: This template does NOT contain your signing key or email.
# Edit it after deployment to set:
# [user]
# name = Your Name
# email = your.email@example.com
# signingkey = <your-ssh-public-key>
cp "${CONFIG_DIR}/git/gitconfig" "$HOME/.gitconfig"
ok ".gitconfig deployed."
warn "REMINDER: Edit ~/.gitconfig to set your name, email, and signingkey."
# ---- Deploy .gitignore_global ----
info "Deploying global .gitignore..."
if [ -f "$HOME/.gitignore" ]; then
warn "Global .gitignore already exists (keeping)."
else
# A sensible global gitignore for common OS + editor files
cat > "$HOME/.gitignore" << 'EOF'
# OS files
.DS_Store
Thumbs.db
Desktop.ini
# Editor/IDE
*.swp
*.swo
*~
.vscode/
.idea/
*.sublime-*
# Python
__pycache__/
*.py[cod]
*.egg-info/
.venv/
.eggs/
# Node
node_modules/
.npm/
# Rust
target/
EOF
ok "Global .gitignore deployed."
fi
# ---- SSH keys ----
# All SSH keys are stored in Bitwarden and loaded via bw-load-ssh.sh (stage 06).
# No local keys are generated.
info "SSH keys: loaded from Bitwarden via stage 06 (bw-load-ssh.sh)."
# ---- Pre-accept GitHub host key ----
# Avoids interactive prompt on first SSH connection to GitHub
if [ ! -f "$HOME/.ssh/known_hosts" ] || ! ssh-keygen -F github.com &>/dev/null; then
info "Adding github.com SSH host key to known_hosts..."
mkdir -p "$HOME/.ssh"
ssh-keyscan github.com >> "$HOME/.ssh/known_hosts" 2>/dev/null && \
chmod 644 "$HOME/.ssh/known_hosts" && \
ok "GitHub host key added." || warn "Could not fetch GitHub host key."
else
ok "GitHub host key already known."
fi
ok "Stage 05 complete: Git configured."
Reference in New Issue View Git Blame Copy Permalink