diff --git a/bitwarden.sh b/bitwarden.sh new file mode 100644 index 0000000..0d7797f --- /dev/null +++ b/bitwarden.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +alias bw="sudo -u ${USERNAME} bw" + +bitwarden_is_authenticated() { + status=$(bw status |jq -r ".status") + [[ ! ${status} == "unauthenticated" ]] +} +bitwarden_is_locked() { + status=$(bw status |jq -r ".status") + [[ ${status} == "locked" ]] || ! bitwarden_is_authenticated +} + diff --git a/distribution/arch/install.sh b/distribution/arch/install.sh index 3b13223..fb33741 100644 --- a/distribution/arch/install.sh +++ b/distribution/arch/install.sh @@ -175,6 +175,7 @@ PACKAGES=( vde2 # Bitwarden, password manager bitwarden + bitwarden-cli # Docker/Kube docker kubectl diff --git a/distribution/ubuntu/install.sh b/distribution/ubuntu/install.sh index 60d4ced..8c8eca7 100644 --- a/distribution/ubuntu/install.sh +++ b/distribution/ubuntu/install.sh @@ -62,6 +62,7 @@ EXTRA_PACKAGES=( revolt-desktop bitwarden spotify + bw ) install_package_command() { 
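Review bot: Both helpers in bitwarden.sh fail open: if `bw` or `jq` is missing or errors, `status` is empty, so `bitwarden_is_authenticated` succeeds and `bitwarden_is_locked` fails, which reports the vault as logged in and unlocked. Testing for the positive states closes that, e.g. `[[ ${status} == "locked" || ${status} == "unlocked" ]]` in `bitwarden_is_authenticated` and `[[ ${status} != "unlocked" ]]` in `bitwarden_is_locked`. The `alias bw=...` line has no effect on these functions when the file is sourced from a non-interactive script, because bash expands aliases there only after `shopt -s expand_aliases`. A wrapper such as `bw() { sudo -u "${USERNAME}" bw "$@"; }` would do what the alias intends, although sudo's default environment reset would then probably drop `BW_SESSION`. `status` should also be declared `local` in both functions so it does not overwrite a caller's variable.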
@@ -142,33 +143,52 @@ extra_init() { # Install android-studio echo -ne "android-studio" snap install android-studio --classic >/dev/null 2>&1 - erase_text "android-studio" + if [ $? -ne 0 ]; then + echo "" + echo -e "${BRed}Could not install android-studio. Skipping.${NC}" + else + erase_text "android-studio" + fi # TODO: Install zen browser using official :) snap - curl -L -O https://git.vhaudiquet.fr/vhaudiquet/zen-browser-snap/releases/download/testing/zen-browser_1.14.11b_amd64.snap - snap install ./zen-browser_1.14.11b_amd64.snap --dangerous + echo -ne "zen-browser" + curl -L -O https://git.vhaudiquet.fr/vhaudiquet/zen-browser-snap/releases/download/testing/zen-browser_1.14.11b_amd64.snap >/dev/null 2>&1 + snap install ./zen-browser_1.14.11b_amd64.snap --dangerous >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "" + echo -e "${BRed}Could not install zen-browser. Skipping.${NC}" + else + erase_text "zen-browser" + fi + rm -f ./zen-browser_1.14.11b_amd64.snap echo -ne "github-cli" install_github_cli >/dev/null 2>&1 if [ $? -ne 0 ]; then + echo "" echo -e "${BRed}Could not install github-cli. Skipping.${NC}" + else + erase_text "github-cli" fi - erase_text "github-cli" # Docker, Kubectl echo -ne "docker" install_docker >/dev/null 2>&1 if [ $? -ne 0 ]; then + echo "" echo -e "${BRed}Could not install docker. Skipping.${NC}" + else + erase_text "docker" fi - erase_text "docker" echo -ne "kubectl" install_kubectl >/dev/null 2>&1 if [ $? -ne 0 ]; then + echo "" echo -e "${BRed}Could not install kubectl. Skipping.${NC}" + else + erase_text "kubectl" fi - erase_text "kubectl" } extra_finish() { diff --git a/gnome.sh b/gnome.sh index 36491a9..d4c86c6 100644 --- a/gnome.sh +++ b/gnome.sh 
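Review bot: The zen-browser snap is fetched with `curl -L -O` and installed with `--dangerous`, which skips snap signature verification, and nothing in the hunk checks the file's integrity. Because curl's output and exit status are now discarded, a failed or substituted download is only noticed if `snap install` itself fails. Pinning a digest for the pinned version and checking it before the install would cover this, e.g. `curl -fsSL -O <url> && echo "<EXPECTED_SHA256>  zen-browser_1.14.11b_amd64.snap" | sha256sum -c -`, where the digest is a placeholder to be taken from the release. The android-studio and zen-browser checks also read `$?` on a separate line; `if ! snap install ...; then` keeps the test attached to the command. The opening lines of extra_init are outside the hunk.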
@@ -23,10 +23,10 @@ configure_gnome_settings() { ${DBUS_LAUNCH} dconf write /org/gnome/shell/favorite-apps \ "['org.gnome.Nautilus.desktop', \ 'com.mitchellh.ghostty.desktop', \ - 'zen.desktop', 'app.zen_browser.zen.desktop', 'zen-browser_zen-browser.desktop',\ + 'zen.desktop', 'app.zen_browser.zen.desktop', 'zen-browser_zen-browser.desktop', \ 'code-oss.desktop', 'code_code.desktop', \ 'org.kicad.kicad.desktop', \ - 'android-studio.desktop', 'android-studio_android-studio.desktop'\ + 'android-studio.desktop', 'android-studio_android-studio.desktop', \ 'discord.desktop', 'discord_discord.desktop', \ 'org.gnome.Calculator.desktop', \ 'org.gnome.TextEditor.desktop', \ diff --git a/mymachine.sh b/mymachine.sh index 4551dcc..4632b13 100755 --- a/mymachine.sh +++ b/mymachine.sh @@ -57,8 +57,8 @@ if ! id "${USERNAME}" >/dev/null 2>&1; then fi if [ -z "${PASSWORD}" ]; then read -s -p "Password: " PASSWORD + echo "" fi - echo "" fi if [ -z "${EMAIL}" ]; then EMAIL=$(git config --global user.email) 
@@ -70,11 +70,31 @@ if [ -z "${USER_PICTURE_URL}" ] && [ ! -f "/var/lib/AccountsService/icons/${USER read -p "User profile picture URL (leave blank for none): " USER_PICTURE_URL fi +# Handle Bitwarden authentication +export BW_SESSION +source "${script_dir}/bitwarden.sh" +if ! bitwarden_is_authenticated; then + if [ -z "${BW_CLIENTID}" ]; then + read -p "Bitwarden client_id: " BW_CLIENTID + fi + if [ -z "${BW_CLIENTSECRET}" ]; then + read -p "Bitwarden client_secret: " BW_CLIENTSECRET + fi +fi +if bitwarden_is_locked; then + if [ -z "${BW_PASSWORD}" ]; then + read -s -p "Bitwarden password: " BW_PASSWORD + echo "" + fi +fi + # Make sure we are running as root if [[ $EUID -ne 0 ]]; then # If we are not running as root, try to relaunch ourselves as root echo -e "${BNC}Testing root access...${NC}" - sudo bash -c "USERNAME=${USERNAME} GIT_USER=${GIT_USER} EMAIL=${EMAIL} USER_COMMENT=${USER_COMMENT} USER_PICTURE_URL=${USER_PICTURE_URL} PASSWORD=${PASSWORD} ${script_dir}/${script_name}" + sudo bash -c "USERNAME=${USERNAME} GIT_USER=${GIT_USER} EMAIL=${EMAIL} USER_COMMENT=${USER_COMMENT} \ + USER_PICTURE_URL=${USER_PICTURE_URL} PASSWORD=${PASSWORD} BW_CLIENTID=${BW_CLIENTID} BW_CLIENTSECRET=${BW_CLIENTSECRET} \ + BW_PASSWORD=${BW_PASSWORD} BW_SESSION=${BW_SESSION} ${script_dir}/${script_name}" exit $? else echo -e "${BNC}Root access obtained.${NC}" 
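Review bot: The relaunch line interpolates `PASSWORD`, `BW_CLIENTSECRET`, `BW_PASSWORD` and `BW_SESSION` unquoted into the `sudo bash -c "..."` string, so the secrets appear in the process list (and possibly in sudo's command log), and any value containing spaces or shell metacharacters is re-parsed by the root shell. Exporting the variables and letting sudo carry them avoids both: `export USERNAME GIT_USER EMAIL USER_COMMENT USER_PICTURE_URL PASSWORD BW_CLIENTID BW_CLIENTSECRET BW_PASSWORD BW_SESSION`, then `sudo --preserve-env=USERNAME,GIT_USER,EMAIL,USER_COMMENT,USER_PICTURE_URL,PASSWORD,BW_CLIENTID,BW_CLIENTSECRET,BW_PASSWORD,BW_SESSION "${script_dir}/${script_name}"`. That form needs a sudoers policy that permits preserving those names. The `client_secret` prompt should use `read -r -s -p` like the password prompt, since it is an API credential and is currently echoed to the terminal.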
@@ -218,6 +238,45 @@ if [ $? -ne 0 ]; then echo -e "${BRed}Failed to generate grub configuration. Skipping. Be careful !${NC}" fi +# Login to Bitwarden +if ! bitwarden_is_authenticated; then + if [ ! -z "${BW_CLIENTID}" ] && [ ! -z "${BW_CLIENTSECRET}" ]; then + BW_CLIENTID="${BW_CLIENTID}" BW_CLIENTSECRET="${BW_CLIENTSECRET}" bw login --apikey >/dev/null 2>&1 + fi +fi +if bitwarden_is_authenticated && bitwarden_is_locked; then + if [ ! -z "${BW_PASSWORD}" ]; then + export BW_SESSION=$(bw unlock --raw ${BW_PASSWORD}) + fi +fi +if ! bitwarden_is_locked; then + bw sync >/dev/null 2>&1 + + # Connect github cli using GH_TOKEN special field, if needed + gh auth status >/dev/null 2>&1 + if [ $? -ne 0 ]; then + GH_TOKEN=$(bw get item github.com |jq -r '.fields[]|select(.name=="GH_TOKEN")|.value') + if [ $? -ne 0 ] && [ ! -z GH_TOKEN ]; then + GH_TOKEN="${GH_TOKEN}" gh auth login -p https -h github.com >/dev/null 2>&1 + gh auth setup-git --hostname github.com + fi + fi + + # Obtain kubectl config + if [ ! -f "/home/${USERNAME}/.kube/config" ]; then + KUBE=$(bw get item kube) + if [ $? -eq 0 ]; then + sudo -u ${USERNAME} mkdir -p "/home/${USERNAME}/.kube/" + OBJECT_ID=$(echo "${KUBE}" |jq -r '.id') + ATTACHMENT_ID=$(echo "${KUBE}" |jq -r '.attachments[]|select(.fileName=="config")|.id') + bw get attachment "${ATTACHMENT_ID}" --itemid "${OBJECT_ID}" --raw >"/home/${USERNAME}/.kube/config" 2>/dev/null + if [ $? -ne 0 ]; then + echo -e "${BRed}Could not get .kube/config attachment from bitwarden. Skipping.${NC}" + fi + fi + fi +fi + # VPN configuration echo "Setting up VPN..." # sudo -u ${USERNAME} mkdir /home/${USERNAME}/.wireguard 
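Review bot: The master password is placed on the command line in `bw unlock --raw ${BW_PASSWORD}`, where it is unquoted (a password containing spaces is split) and readable by other local users through the process list; `BW_SESSION=$(BW_PASSWORD="${BW_PASSWORD}" bw unlock --raw --passwordenv BW_PASSWORD)` keeps it in the environment instead. The GitHub branch is inverted: `[ $? -ne 0 ] && [ ! -z GH_TOKEN ]` runs `gh auth login` only when the lookup failed, and it tests the literal string `GH_TOKEN`, which is never empty, so it should read `if [ $? -eq 0 ] && [ -n "${GH_TOKEN}" ]; then`. The kubeconfig is written through a redirect by the script itself, which by this point appears to run as root, so the file presumably ends up root-owned with umask-default permissions. An empty file is also left behind when `bw get attachment` fails, so the `! -f` check skips the download on the next run. A `chown` to `${USERNAME}` and `chmod 600` after a successful download, plus an `rm -f` in the failure branch, would cover both.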
@@ -237,5 +296,5 @@ if [ "$MICROCODE_INSTALLED" == "false" ]; then fi fi echo "To use WireGuard, don't forget to add this client on VPN server (your private key is under ~/.wireguard/privatekey)" -echo "To use GitHub, you need to use 'gh auth login' to connect to GitHub" +echo "It is not possible to install browser extensions automatically, so you have to install them manually (Bitwarden)" echo -e "${BNC}Goodbye ! Make sure to ${BGreen}reboot${NC}${BNC} to apply all changes !${NC}"