refactor: modular .bashrc.d/ structure
- Rewrite .bashrc as minimal loader (34 lines → loads .bashrc.d/*.sh)
- Clean .bash_profile: single source, Apple Silicon/Intel brew path
- Add .bashrc.d/ with 7 topic modules:
00_env.sh PS1, OSTYPE, colors, pyenv
10_aliases.sh universal aliases
20_functions.sh proxy, dbash, git helpers
30_work.sh work-host detection, LDAP, AWX, Juniper tools
(+ unified-hub-login with env-var creds)
40_k8s.sh kubectl completion + aliases
50_ai_env.sh WORKSPACE/DATA_ROOT/MODEL_ROOT paths
60_dotfiles.sh dotfiles manager aliases, zet shortcuts
- Secrets (SN_PASSWORD, LDAP bind PWs, Unified Hub token) moved
to ~/.bashrc.local (gitignored, written by setup script)
- Update .dotfiles_manifest to track .bashrc.d directory
@@ -107,6 +107,28 @@ dgit() {
|
||||
git -C "$DOTFILES_DIR" "$@"
|
||||
}
|
||||
|
||||
# Credentials file (never committed — chmod 600)
|
||||
CREDS_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/dotfiles/credentials"
|
||||
|
||||
# Read saved token (returns empty string if not set)
|
||||
_read_token() {
|
||||
[ -f "$CREDS_FILE" ] && grep -m1 '^GITEA_TOKEN=' "$CREDS_FILE" | cut -d= -f2- || true
|
||||
}
|
||||
|
||||
# Inject token into an HTTP(S) remote URL for a single git operation.
|
||||
# Keeps the stored remote URL clean — only the transient call gets credentials.
|
||||
_authed_url() {
|
||||
local url="$1"
|
||||
local token; token="${GITEA_TOKEN:-$(_read_token)}"
|
||||
if [[ -n "$token" && "$url" == http* ]]; then
|
||||
local host_path; host_path="${url#*://}"
|
||||
host_path="${host_path#*@}" # strip any existing user:pass
|
||||
echo "${url%%://*}://kenjim:${token}@${host_path}"
|
||||
else
|
||||
echo "$url"
|
||||
fi
|
||||
}
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# COMMAND: init
|
||||
# -----------------------------------------------------------------------
|
||||
@@ -200,6 +222,9 @@ vault/
|
||||
# Machine-local overrides — never commit (written by setup_enterprise_ai_bash.sh)
|
||||
.bashrc.local
|
||||
.bash_profile.local
|
||||
|
||||
# Credential store — never commit
|
||||
.config/dotfiles/credentials
|
||||
GITIGNORE
|
||||
|
||||
# Seed README
|
||||
@@ -403,6 +428,8 @@ cmd_sync() {
|
||||
bold "=== Syncing from remote ==="
|
||||
is_git_repo || die "Not a git repo: $DOTFILES_DIR. Run 'init' first."
|
||||
|
||||
local pull_url; pull_url="$(_authed_url "$DOTFILES_REMOTE")"
|
||||
|
||||
# Stash any local changes so pull is clean
|
||||
local stashed=false
|
||||
if ! dgit diff --quiet || ! dgit diff --cached --quiet; then
|
||||
@@ -411,8 +438,10 @@ cmd_sync() {
|
||||
stashed=true
|
||||
fi
|
||||
|
||||
dgit pull --rebase origin main 2>/dev/null || dgit pull --rebase origin master 2>/dev/null || {
|
||||
warn "Could not pull (remote unreachable or branch mismatch). Working offline."
|
||||
dgit pull --rebase "$pull_url" main 2>/dev/null || \
|
||||
dgit pull --rebase "$pull_url" master 2>/dev/null || {
|
||||
warn "Could not pull (remote unreachable or no token set). Working offline."
|
||||
warn "Run 'dotfiles auth' to save credentials if push/pull keep failing."
|
||||
}
|
||||
|
||||
if $stashed; then
|
||||
@@ -423,6 +452,49 @@ cmd_sync() {
|
||||
success "Sync complete."
|
||||
}
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# CREDENTIAL HELPERS — cmd_auth is defined further below
|
||||
# (CREDS_FILE, _read_token, _authed_url are in the HELPERS block above)
|
||||
# -----------------------------------------------------------------------
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# COMMAND: auth — save Gitea credentials once
|
||||
# -----------------------------------------------------------------------
|
||||
cmd_auth() {
|
||||
bold "=== Gitea Authentication Setup ==="
|
||||
echo
|
||||
info "Remote: $DOTFILES_REMOTE"
|
||||
info "Credentials are saved to $CREDS_FILE (chmod 600, never committed)"
|
||||
echo
|
||||
echo "Options:"
|
||||
echo " [1] Personal Access Token (recommended — Settings → Applications → Generate Token)"
|
||||
echo " [2] Password (not recommended)"
|
||||
read -r -p "Choice [1]: " _method
|
||||
_method="${_method:-1}"
|
||||
|
||||
local token
|
||||
if [[ "$_method" == "2" ]]; then
|
||||
read -r -s -p "Gitea password: " token; echo
|
||||
else
|
||||
echo
|
||||
info "To generate a token: $DOTFILES_REMOTE (open in browser)"
|
||||
info " → Settings (top-right avatar) → Applications → Generate Token"
|
||||
info " → Name it 'dotfiles', tick Contents+Write, copy the token"
|
||||
echo
|
||||
read -r -s -p "Paste token: " token; echo
|
||||
fi
|
||||
|
||||
[[ -z "$token" ]] && die "No token entered."
|
||||
|
||||
mkdir -p "$(dirname "$CREDS_FILE")"
|
||||
chmod 700 "$(dirname "$CREDS_FILE")"
|
||||
printf 'GITEA_TOKEN=%s\n' "$token" > "$CREDS_FILE"
|
||||
chmod 600 "$CREDS_FILE"
|
||||
|
||||
success "Credentials saved to $CREDS_FILE"
|
||||
info "Test with: dotfiles push"
|
||||
}
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# COMMAND: push
|
||||
# -----------------------------------------------------------------------
|
||||
@@ -444,11 +516,22 @@ cmd_push() {
|
||||
local branch
|
||||
branch=$(dgit rev-parse --abbrev-ref HEAD)
|
||||
|
||||
# Build push URL — inject token for HTTP remotes so we never hang on a prompt
|
||||
local push_url; push_url="$(_authed_url "$DOTFILES_REMOTE")"
|
||||
if [[ "$push_url" == "$DOTFILES_REMOTE" && "$DOTFILES_REMOTE" == http* ]]; then
|
||||
warn "No Gitea token found. Run 'dotfiles auth' to save one."
|
||||
warn "Attempting push anyway (may hang waiting for password)..."
|
||||
fi
|
||||
|
||||
# Set upstream on first push if needed
|
||||
if ! dgit config "branch.$branch.remote" &>/dev/null; then
|
||||
dgit push --set-upstream origin "$branch"
|
||||
dgit push --set-upstream "$push_url" "$branch"
|
||||
# Record the clean URL as upstream (not the token-embedded one)
|
||||
dgit remote set-url origin "$DOTFILES_REMOTE" 2>/dev/null || true
|
||||
dgit config "branch.$branch.remote" origin
|
||||
dgit config "branch.$branch.merge" "refs/heads/$branch"
|
||||
else
|
||||
dgit push origin "$branch"
|
||||
dgit push "$push_url" "$branch"
|
||||
fi
|
||||
|
||||
success "Pushed to $DOTFILES_REMOTE ($branch)."
|
||||
@@ -802,6 +885,7 @@ ${BOLD}COMMANDS — Core${RESET}
|
||||
sync Pull latest from remote, reapply symlinks
|
||||
push [message] Commit all changes and push to $DOTFILES_REMOTE
|
||||
status / list Show tracked files and symlink health
|
||||
auth Save Gitea token so push never prompts for credentials
|
||||
|
||||
${BOLD}COMMANDS — SSH & Keys${RESET}
|
||||
ssh-setup Guided SSH config + key migration
|
||||
@@ -945,6 +1029,7 @@ main() {
|
||||
ssh-setup) cmd_ssh_setup "$@" ;;
|
||||
ssh-export) cmd_ssh_export "$@" ;;
|
||||
ssh-import) cmd_ssh_import "$@" ;;
|
||||
auth) cmd_auth "$@" ;;
|
||||
remote-bootstrap) cmd_remote_bootstrap "$@" ;;
|
||||
help|--help|-h) cmd_help ;;
|
||||
*)
|
||||
|
||||
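Review bot: `_authed_url` (first hunk) returns `scheme://kenjim:${token}@host/path`, and `cmd_sync` and `cmd_push` pass that string to `git pull` / `git push` as an argument, so the token sits on git's command line where other local users can read it from the process list; the `http*` test also matches plain `http://`, which would send it unencrypted. In `cmd_push`, `dgit push --set-upstream "$push_url" "$branch"` additionally appears to make git record the token-bearing URL as the branch's remote in the repository config until the later `dgit config "branch.$branch.remote" origin` line replaces it, and pulling by URL in `cmd_sync` no longer updates the `origin/*` tracking refs. The token is interpolated without URL-encoding, so a password containing `@`, `:` or `/` (option 2 in `cmd_auth`) yields a malformed URL. I would keep the operations on `origin` and hand the secret to git through `GIT_ASKPASS` with `GIT_TERMINAL_PROMPT=0`, as in the helper below, with call sites such as `_git_authed pull --rebase origin main` and `_git_authed push --set-upstream origin "$branch"`, and restrict token use to `https://` remotes. The bodies of `cmd_sync` and `cmd_push` start and end outside the visible hunks, so the surrounding error handling is not checked here.

```shell
# … unchanged: CREDS_FILE, _read_token …

# Run git against the dotfiles repo with the saved token supplied through
# GIT_ASKPASS, so it never appears in a URL, in argv or in .git/config.
_git_authed() {
  local token; token="${GITEA_TOKEN:-$(_read_token)}"
  if [[ -z "$token" ]]; then
    git -C "$DOTFILES_DIR" "$@"
    return
  fi
  local askpass rc=0
  askpass="$(mktemp)" || return
  chmod 700 "$askpass"
  # Quoted delimiter: the helper reads the token from its environment at run
  # time, so the secret is never written into the temporary script itself.
  cat > "$askpass" <<'ASKPASS'
#!/bin/sh
case "$1" in
  Username*) printf '%s\n' "kenjim" ;;
  *)         printf '%s\n' "$DOTFILES_ASKPASS_TOKEN" ;;
esac
ASKPASS
  DOTFILES_ASKPASS_TOKEN="$token" GIT_ASKPASS="$askpass" GIT_TERMINAL_PROMPT=0 \
    git -C "$DOTFILES_DIR" "$@" || rc=$?
  rm -f -- "$askpass"
  return "$rc"
}
```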