restore-secrets (1608B)
1 #!/usr/bin/env bash 2 set -euo pipefail 3 4 ARCHIVE="${1:?Usage: restore-secrets path/to/keys-YYYYMMDD.tar.gz.age}" 5 6 TMP="$(mktemp -d)" 7 trap 'rm -rf "$TMP"' EXIT 8 9 age -d "$ARCHIVE" | tar -xz -C "$TMP" 10 11 # GPG restore 12 if command -v gpg >/dev/null 2>&1 && [[ -f "$TMP/gpg/secret-keys.asc" ]]; then 13 gpg --import "$TMP/gpg/public-keys.asc" 2>/dev/null || true 14 gpg --import "$TMP/gpg/secret-keys.asc" 15 [[ -f "$TMP/gpg/ownertrust.txt" ]] && gpg --import-ownertrust "$TMP/gpg/ownertrust.txt" || true 16 fi 17 18 # SSH restore 19 if [[ -d "$TMP/ssh" ]]; then 20 mkdir -p "$HOME/.ssh" 21 rsync -a "$TMP/ssh/" "$HOME/.ssh/" 22 chmod 700 "$HOME/.ssh" 23 chmod 600 "$HOME/.ssh"/id_* 2>/dev/null || true 24 chmod 644 "$HOME/.ssh"/*.pub 2>/dev/null || true 25 fi 26 27 # AGE restore 28 if [[ -d "$TMP/age" ]]; then 29 mkdir -p "$HOME/.config/age" 30 rsync -a "$TMP/age/" "$HOME/.config/age/" 31 chmod 700 "$HOME/.config/age" 32 chmod 600 "$HOME/.config/age"/* 2>/dev/null || true 33 fi 34 35 # Skate restore 36 if command -v skate >/dev/null 2>&1 && [[ -f "$TMP/skate/skate.jsonl" ]]; then 37 python3 - "$TMP" <<'PY' 38 import base64, json, subprocess, sys, pathlib 39 tmp = pathlib.Path(sys.argv[1]) 40 path = tmp / "skate" / "skate.jsonl" 41 for line in path.read_text().splitlines(): 42 rec = json.loads(line) 43 val = base64.b64decode(rec["b64"]) 44 subprocess.check_call(["skate","set",f'{rec["key"]}@{rec["db"]}'], input=val) 45 PY 46 fi 47 48 # Oh-My-Zsh custom configs restore 49 if [[ -d "$TMP/omz/custom" ]]; then 50 echo "Restoring Oh-My-Zsh custom configs..." 51 mkdir -p "$HOME/.oh-my-zsh/custom" 52 rsync -a "$TMP/omz/custom/" "$HOME/.oh-my-zsh/custom/" 53 fi 54 55 echo "Restore complete." 56