diff --git a/.gitignore b/.gitignore
index 834ec40..1286479 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,6 +26,9 @@ waybar/.config/waybar-crypto/config.ini
waybar/.local/share/fonts/TTF/*
waybar/.config/waybar/theme.css
xdg/.config/mimeapps.list
+hyprland/.config/hypr/themes/colors.conf
+.DS_Store
+gpg/.gnupg/gpg-agent.conf
!bat/.config/bat/themes/.gitkeep
!continue/.continue/config.json
!corectrl/.config/corectrl/profiles/.gitkeep
@@ -46,4 +49,3 @@ xdg/.config/mimeapps.list
!vscodium/.vscode-oss/argv.json
!waybar/.config/waybar/modules/crypto/.gitkeep
!waybar/.local/share/fonts/TTF/.gitkeep
-hyprland/.config/hypr/themes/colors.conf
diff --git a/data/gpg/gpg-agent.conf b/data/gpg/gpg-agent.conf
new file mode 100644
index 0000000..ca45c6f
--- /dev/null
+++ b/data/gpg/gpg-agent.conf
@@ -0,0 +1,4 @@
+enable-ssh-support
+ttyname $GPG_TTY
+default-cache-ttl 60
+max-cache-ttl 120
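Review bot: The 60 s / 120 s limits set by `default-cache-ttl` and `max-cache-ttl` do not cover keys served through `enable-ssh-support`; gpg-agent has separate `default-cache-ttl-ssh` and `max-cache-ttl-ssh` options with much longer defaults. If the short cache is meant to apply to SSH authentication as well, add `default-cache-ttl-ssh 60` and `max-cache-ttl-ssh 120`. When the SSH key lives on a smartcard the PIN is held by the card, not by this cache, so the effect depends on where the key is stored.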
diff --git a/git/.gitconfig b/git/.gitconfig
index 6954882..170a2a6 100644
--- a/git/.gitconfig
+++ b/git/.gitconfig
@@ -1,6 +1,5 @@
[core]
pager = delta
- askpass = wayprompt-ssh-askpass
[interactive]
diffFilter = delta --color-only --features=interactive
@@ -100,9 +99,6 @@
[credential]
helper = cache timeout=14400
-[gpg]
- program = /usr/bin/gpg2
-
[init]
defaultBranch = main
diff --git a/gpg/.gnupg/gpg-agent.conf b/gpg/.gnupg/gpg-agent.conf
deleted file mode 100644
index 23f1116..0000000
--- a/gpg/.gnupg/gpg-agent.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-enable-ssh-support
-ttyname /dev/pts/1
-default-cache-ttl 60
-max-cache-ttl 120
-pinentry-program /usr/bin/pinentry-wayprompt
diff --git a/gpg/.gnupg/gpg.conf b/gpg/.gnupg/gpg.conf
index 3f842f1..971d935 100644
--- a/gpg/.gnupg/gpg.conf
+++ b/gpg/.gnupg/gpg.conf
@@ -1,9 +1,5 @@
# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html
# 'gpg --version' to get capabilities
-
-# Default key ID to use (helpful with throw-keyids)
-default-key 0x2B7340DB13C85766
-trusted-key 0x2B7340DB13C85766
# Use AES256, 192, or 128 as cipher
personal-cipher-preferences AES256 AES192 AES
# Use SHA512, 384, or 256 as digest
@@ -45,5 +41,27 @@ armor
use-agent
# Disable recipient key ID in messages (breaks Mailvelope)
throw-keyids
+# Default key ID to use (helpful with throw-keyids)
+default-key 0x2B7340DB13C85766
+trusted-key 0x2B7340DB13C85766
+# Group recipient keys (preferred ID last)
+#group keygroup = 0xFF00000000000003 0xFF00000000000002 0xFF00000000000001
+# Keyserver URL
+#keyserver hkps://keys.openpgp.org
+#keyserver hkps://keys.mailvelope.com
+#keyserver hkps://keyserver.ubuntu.com:443
+#keyserver hkps://pgpkeys.eu
+#keyserver hkps://pgp.circl.lu
+#keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
+# Keyserver proxy
+#keyserver-options http-proxy=http://127.0.0.1:8118
+#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
+# Enable key retrieval using WKD and DANE
+#auto-key-locate wkd,dane,local
+#auto-key-retrieve
# Trust delegation mechanism
trust-model tofu+pgp
+# Show expired subkeys
+#list-options show-unusable-subkeys
+# Verbose output
+#verbose
\ No newline at end of file
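Review bot: `trusted-key 0x2B7340DB13C85766` grants ultimate trust by 64-bit key ID, and `default-key` selects the signing key by the same short form. GnuPG accepts a full fingerprint for both options, which removes any reliance on key-ID uniqueness in the local keyring: `trusted-key <FULL_FINGERPRINT_PLACEHOLDER>` and `default-key <FULL_FINGERPRINT_PLACEHOLDER>`. A one-line comment above `trusted-key` would also help, for example `# Ultimate trust without an ownertrust entry; keep in sync with data/gpg/2B7340DB13C85766.asc`. The file now ends without a trailing newline.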
diff --git a/gpg/.gnupg/scdaemon.conf b/gpg/.gnupg/scdaemon.conf
index dcb4c18..eb818dd 100644
--- a/gpg/.gnupg/scdaemon.conf
+++ b/gpg/.gnupg/scdaemon.conf
@@ -1,4 +1 @@
disable-ccid
-pcsc-driver /usr/lib/libpcsclite.so
-card-timeout 5
-reader-port Yubico Yubikey
diff --git a/gpg/.local/bin/pinentry-auto b/gpg/.local/bin/pinentry-auto
new file mode 100755
index 0000000..18398fa
--- /dev/null
+++ b/gpg/.local/bin/pinentry-auto
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -Ceu
+
+_exists() {
+ type "$1" > /dev/null 2>&1
+}
+
+if [ -n "${DISPLAY-}" ]; then
+ _exists pinentry-dmenu && pe=$(which pinentry-dmenu)
+ _exists pinentry-wayprompt && pe=$(which pinentry-wayprompt)
+else
+ _exists pinentry-tty && pe=$(which pinentry-tty)
+ _exists pinentry-curses && pe=$(which pinentry-curses)
+ _exists pinentry-mac && pe=$(which pinentry-mac)
+fi
+
+case "${PINENTRY_USER_DATA-}" in
+ *USE_TTY=1*) pe=$(which pinentry-tty);;
+ *USE_CURSES=1*) pe=$(which pinentry-curses) ;;
+esac
+
+exec $pe "$@"
\ No newline at end of file
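Review bot: When none of the candidate programs is installed, `pe` is never assigned, so under `set -u` the final `exec $pe "$@"` aborts with an unbound-variable error and no usable message; `$pe` is also unquoted. The lookup mixes `type` and `which`, where `command -v` is the POSIX form and returns the path in one step. This program is what receives the passphrase or PIN, and it is resolved through whatever PATH gpg-agent inherited, so restricting the candidates to known directories would be stricter. The fence rewrites the selection and the final exec with the original preference order kept.

```shell
pe=
if [ -n "${DISPLAY-}" ]; then
  candidates="pinentry-wayprompt pinentry-dmenu"
else
  candidates="pinentry-mac pinentry-curses pinentry-tty"
fi

# First match wins; the order keeps the original preference.
for candidate in $candidates; do
  if pe=$(command -v "$candidate"); then
    break
  fi
  pe=
done

# … unchanged: PINENTRY_USER_DATA override (case statement) …

if [ -z "$pe" ]; then
  echo "pinentry-auto: no pinentry program found" >&2
  exit 1
fi

exec "$pe" "$@"
```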
diff --git a/macos/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist b/macos/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist
new file mode 100644
index 0000000..ac11bf2
--- /dev/null
+++ b/macos/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist
@@ -0,0 +1,16 @@
+
+
+
+
+ Label
+ gnupg.gpg-agent-symlink
+ ProgramArguments
+
+ /bin/sh
+ -c
+ /bin/ln -sf $HOME/.gnupg/S.gpg-agent.ssh $SSH_AUTH_SOCK
+
+ RunAtLoad
+
+
+
\ No newline at end of file
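Review bot: The `ln -sf $HOME/.gnupg/S.gpg-agent.ssh $SSH_AUTH_SOCK` command expands both variables unquoted and never checks that `SSH_AUTH_SOCK` is set in the job's launchd environment. If it is empty, `ln` receives a single operand and creates the link in the job's working directory instead of replacing the ssh-agent socket. Suggest `/bin/ln -sf "$HOME/.gnupg/S.gpg-agent.ssh" "${SSH_AUTH_SOCK:?}"` so the job fails visibly. The socket location is also hard-coded; `gpgconf --list-dirs agent-ssh-socket` reports where the installed GnuPG actually places it. The XML markup is not visible in this view, so the surrounding keys are not reviewed.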
diff --git a/macos/Library/LaunchAgents/gnupg.gpg-agent.plist b/macos/Library/LaunchAgents/gnupg.gpg-agent.plist
new file mode 100644
index 0000000..e030058
--- /dev/null
+++ b/macos/Library/LaunchAgents/gnupg.gpg-agent.plist
@@ -0,0 +1,17 @@
+
+
+
+
+ Label
+ gnupg.gpg-agent
+ RunAtLoad
+
+ KeepAlive
+
+ ProgramArguments
+
+ /usr/local/MacGPG2/bin/gpg-connect-agent
+ /bye
+
+
+
\ No newline at end of file
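Review bot: `ProgramArguments` points at `/usr/local/MacGPG2/bin/gpg-connect-agent`, but `setup-macos.sh` in this same commit installs GnuPG with `brew install gnupg`, which presumably does not populate the MacGPG2 directory. Unless MacGPG2 is installed separately the job has nothing to run. If it is installed, the agent it starts may come from a different GnuPG build than the `gpg` the setup script uses. Consider resolving the binary from the Homebrew prefix, or document MacGPG2 as a prerequisite. The values of `RunAtLoad` and `KeepAlive` are not visible here; if `KeepAlive` is true, launchd will keep relaunching a command that exits right after `/bye`.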
diff --git a/setup-macos.sh b/setup-macos.sh
new file mode 100755
index 0000000..f57590f
--- /dev/null
+++ b/setup-macos.sh
@@ -0,0 +1,175 @@
+#!/usr/bin/env bash
+
+gpg_primary_key=0x2B7340DB13C85766
+gpg_encryption_subkey=0x79C70BBE4865D828
+
+base_path=$PWD
+data_path="$base_path"/data
+
+declare -a brew_pkgs=(
+ bat
+ gnupg
+ go
+ helix
+ neovim
+ pinentry-mac
+ python
+ rust
+ stow
+ wget
+ ykman
+ yubikey-personalization
+)
+
+brew update || {
+ echo "failed to update homebrew"
+}
+
+brew install "${brew_pkgs[@]}" || {
+ echo "failed to install brew packages"
+}
+
+git submodule update --init --remote --progress omz/.oh-my-zsh/themes/powerlevel10k || {
+ echo "failed to update git submodules"
+ exit 1
+}
+
+git submodule foreach --recursive git clean -xfd || {
+ echo "failed to clean git submodules"
+ exit 1
+}
+
+git submodule foreach --recursive git reset --hard || {
+ echo "failed to reset git submodules"
+ exit 1
+}
+
+echo "Setting up GPG/SSH"
+gpg --list-keys >/dev/null
+
+declare -a mk_dirs=(
+ ~/.cargo
+ ~/.cargo
+ ~/.config
+ ~/.continue
+ ~/.local/bin
+ ~/.ssh
+)
+
+for mk_dir in "${mk_dirs[@]}"; do
+ mkdir -p "${mk_dir}"
+done
+
+declare -a conflict_paths=(
+ ~/.bashrc
+ ~/.continue/config.json
+ ~/.gnupg/common.conf
+ ~/.zshenv
+ ~/.zshrc
+)
+
+rm_if_not_stowed() {
+ if [[ -L "${1}" ]]; then
+ local symlink_path
+ symlink_path=$(readlink -f "${1}")
+ if [[ $symlink_path == *"${base_path}"* ]]; then
+ return 0
+ fi
+ fi
+
+ rm -rfv "${1}"
+}
+
+echo "Checking for files/directories that will conflict with stow"
+for conflict_path in "${conflict_paths[@]}"; do
+ rm_if_not_stowed "${conflict_path}"
+done
+
+echo "Appending custom pinentry script to gpg-agent.conf"
+# GNUPG is ridiculous and only allows env-vars in some of the options here, so we have to do this the convoluted way with a line append
+cp -v "$data_path"/gpg/gpg-agent.conf "$base_path"/gpg/.gnupg/gpg-agent.conf || {
+ echo "failed to copy gpg-agent.conf from data dir"
+ exit 1
+}
+echo "pinentry-program $HOME/.local/bin/pinentry-auto" | tee -a "$HOME"/.gnupg/gpg-agent.conf
+
+stow_config() {
+ stow -v "$1" || {
+ echo "Failed to stow ${1} config"
+ exit 1
+ }
+}
+
+declare -a stow_dirs_setup=(
+ bash
+ git
+ gpg
+ stow
+ zsh
+)
+
+echo "Stowing setup configs"
+for stow_dir in "${stow_dirs_setup[@]}"; do
+ stow_config "$stow_dir"
+done
+
+rsync --progress -ruacv -- macos/* "$HOME"/ || {
+ echo "failed to rsync macos config"
+ return 1
+}
+
+declare -a launch_agents=(
+ "$HOME"/Library/LaunchAgents/gnupg.gpg-agent.plist
+ "$HOME"/Library/LaunchAgents/gnupg.gpg-agent-symlink.plist
+)
+
+for launch_agent_dir in "${launch_agents[@]}"; do
+ launchctl unload "$launch_agent_dir"
+ launchctl load "$launch_agent_dir" || {
+ echo "failed to load $launch_agent_dir"
+ exit 1
+ }
+ echo "Loaded $launch_agent_dir"
+done
+
+# If our primary GPG key is not yet imported, import it
+if [[ ! $(gpg --list-keys "$gpg_primary_key") ]]; then
+ gpg --import "$data_path"/gpg/2B7340DB13C85766.asc || {
+ echo "failed to import GPG pubkey"
+ exit 1
+ }
+
+ gpg --tofu-policy good "$gpg_primary_key" || {
+ echo "failed to set gpg tofu policy"
+ exit 1
+ }
+fi
+
+echo "Decrypting data"
+declare -a decrypt_data_paths_tuples=(
+ "${data_path}/ssh/config.asc.gpg ${base_path}/ssh/.ssh/config"
+)
+
+for decrypt_data_paths_tuple in "${decrypt_data_paths_tuples[@]}"; do
+ read -ra decrypt_data_paths <<<"$decrypt_data_paths_tuple"
+ if [[ -f "${decrypt_data_paths[0]}" ]]; then
+ gpg --quiet --no-verbose --local-user "${gpg_encryption_subkey}" --armor --decrypt --yes --output "${decrypt_data_paths[1]}" "${decrypt_data_paths[0]}" >/dev/null || {
+ echo "failed to decrypt file ${decrypt_data_paths[0]} to ${decrypt_data_paths[1]}"
+ exit 1
+ }
+ fi
+done
+
+declare -a stow_dirs_general=(
+ bat
+ continue
+ helix
+ nvim
+ rust
+ ssh
+)
+
+echo "Stowing general configs"
+for stow_dir in "${stow_dirs_general[@]}"; do
+ stow_config "$stow_dir"
+done
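Review bot: The `pinentry-program` line is appended to `"$HOME"/.gnupg/gpg-agent.conf` before the `gpg` package is stowed, while the template was just copied to `"$base_path"/gpg/.gnupg/gpg-agent.conf`. On a first run this appears to create a regular file in `~/.gnupg` holding only that line, which `stow gpg` will then report as a conflict (the path is not in `conflict_paths`). Appending to the repository copy keeps one source of truth: `echo "pinentry-program $HOME/.local/bin/pinentry-auto" >> "$base_path"/gpg/.gnupg/gpg-agent.conf`. Separately, the rsync failure branch uses `return 1` at top level; in an executed script that is itself an error and execution continues, so it should be `exit 1` like the other branches.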
diff --git a/setup_all.sh b/setup.sh
similarity index 99%
rename from setup_all.sh
rename to setup.sh
index d66ef72..4d48335 100755
--- a/setup_all.sh
+++ b/setup.sh
@@ -462,7 +462,7 @@ systemd_user_enable_start /usr/lib/systemd/user/gpg-agent.service
gpg_ssh_agent
-# If our primary GPG key is not yet imported, do that and
+# If our primary GPG key is not yet imported, import it
if [[ ! $(gpg --list-keys "$gpg_primary_key") ]]; then
gpg --import "$data_path"/gpg/2B7340DB13C85766.asc || {
echo "failed to import GPG pubkey"
diff --git a/zsh/.zshenv b/zsh/.zshenv
index ed3db58..a7eaeb3 100644
--- a/zsh/.zshenv
+++ b/zsh/.zshenv
@@ -2,97 +2,105 @@
# General Environment Variables #
#################################
-# Export env vars from systemd user units
-# shellcheck disable=SC1090,SC1091
-source <(systemctl --user show-environment | sed 's/ //g; s/^/export /')
-
-export BEMENU_OPTS="-n -m -1 --nb #000b1ecc --tb #000b1ecc --tf #ea00d9ff --nf #0abdc6ff"
-
############
# GPG #
############
-export GPG_TTY=${TTY:-"$(tty)"}
-
-############
-# Golang #
-############
-export GOPATH=$HOME/go
-export GOROOT=/usr/lib/go
-export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
-export GO111MODULE=on
-
-############
-# Rust #
-############
-CARGO_BIN=$HOME/.cargo/bin
-export PATH=$CARGO_BIN:$PATH
-
-###########
-# Android #
-###########
-export ANDROID_HOME=$HOME/Android
-export ANDROID_USER_HOME=$HOME/.android
-export CAPACITOR_ANDROID_STUDIO_PATH=$(whereis android-studio)
-export PATH=$PATH:$ANDROID_HOME/tools
-export PATH=$PATH:$ANDROID_HOME/tools/bin
-export PATH=$PATH:$ANDROID_HOME/platform-tools
-export PATH=$PATH:$ANDROID_HOME/emulator
-
-############
-# Vim #
-############
-export EDITOR=/usr/bin/nvim
-export VISUAL=/usr/bin/nvim
-
-# Preferred editor for remote sessions
-if [[ ! -z "${SSH_CONNECTION+x}" ]]; then
- if [[ ! -n "${SSH_CONNECTION}" ]]; then
- export EDITOR='vim'
+CURRENT_TTY=$(tty)
+export GPG_TTY=$CURRENT_TTY
+
+if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+
+ # Export env vars from systemd user units
+ # shellcheck disable=SC1090,SC1091
+ source <(systemctl --user show-environment | sed 's/ //g; s/^/export /')
+
+ export BEMENU_OPTS="-n -m -1 --nb #000b1ecc --tb #000b1ecc --tf #ea00d9ff --nf #0abdc6ff"
+
+ ############
+ # Golang #
+ ############
+ export GOPATH=$HOME/go
+ export GOROOT=/usr/lib/go
+ export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
+ export GO111MODULE=on
+
+ ############
+ # Rust #
+ ############
+ CARGO_BIN=$HOME/.cargo/bin
+ export PATH=$CARGO_BIN:$PATH
+
+ ###########
+ # Android #
+ ###########
+ export ANDROID_HOME=$HOME/Android
+ export ANDROID_USER_HOME=$HOME/.android
+ export CAPACITOR_ANDROID_STUDIO_PATH=$(whereis android-studio)
+ export PATH=$PATH:$ANDROID_HOME/tools
+ export PATH=$PATH:$ANDROID_HOME/tools/bin
+ export PATH=$PATH:$ANDROID_HOME/platform-tools
+ export PATH=$PATH:$ANDROID_HOME/emulator
+
+ ############
+ # Vim #
+ ############
+ export EDITOR=/usr/bin/nvim
+ export VISUAL=/usr/bin/nvim
+
+ # Preferred editor for remote sessions
+ if [[ ! -z "${SSH_CONNECTION+x}" ]]; then
+ if [[ ! -n "${SSH_CONNECTION}" ]]; then
+ export EDITOR='vim'
+ fi
fi
-fi
-
-#############
-# Node.js #
-#############
-NPM_CONFIG_PREFIX=~/.npm-global
-export PATH=$NPM_CONFIG_PREFIX/bin:$PATH
-NODE_PATH=$(npm root -g)
-export NODE_PATH=${NODE_PATH}
-
-export NVM_DIR="$HOME/.nvm"
-# shellcheck disable=SC1091
-[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
-# shellcheck disable=SC1091
-[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
-
-############
-# Python #
-############
-export PYDEVD_CONTAINER_RANDOM_ACCESS_MAX_ITEMS=1000
-
-############
-# Conda #
-############
-export PATH=$PATH:/opt/anaconda/bin
-export PATH=$PATH:/opt/miniconda3/bin
-export CONDA_AUTO_ACTIVATE_BASE=false
-
-##########
-# Ruby #
-##########
-
-export GEM_HOME=$HOME/.gem
-# export PATH=$PATH:$GEM_HOME/ruby/2.6.0/bin
-
-##########
-# Perl #
-##########
-export PATH=$PATH:/usr/bin/vendor_perl
-export PATH=$PATH:/usr/bin/core_perl
-
-################
-# Other #
-################
-export PATH=$PATH:/opt/brother/scanner/brscan5
-export AMDGPU_TARGETS="gfx1030"
+ #############
+ # Node.js #
+ #############
+ NPM_CONFIG_PREFIX=~/.npm-global
+ export PATH=$NPM_CONFIG_PREFIX/bin:$PATH
+
+ NODE_PATH=$(npm root -g)
+ export NODE_PATH=${NODE_PATH}
+
+ export NVM_DIR="$HOME/.nvm"
+ # shellcheck disable=SC1091
+ [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+ # shellcheck disable=SC1091
+ [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
+
+ ############
+ # Python #
+ ############
+ export PYDEVD_CONTAINER_RANDOM_ACCESS_MAX_ITEMS=1000
+
+ ############
+ # Conda #
+ ############
+ export PATH=$PATH:/opt/anaconda/bin
+ export PATH=$PATH:/opt/miniconda3/bin
+ export CONDA_AUTO_ACTIVATE_BASE=false
+
+ ##########
+ # Ruby #
+ ##########
+
+ export GEM_HOME=$HOME/.gem
+ # export PATH=$PATH:$GEM_HOME/ruby/2.6.0/bin
+
+ ##########
+ # Perl #
+ ##########
+ export PATH=$PATH:/usr/bin/vendor_perl
+ export PATH=$PATH:/usr/bin/core_perl
+
+ ################
+ # Other #
+ ################
+ export PATH=$PATH:/opt/brother/scanner/brscan5
+ export AMDGPU_TARGETS="gfx1030"
+
+elif [[ "$OSTYPE" == "darwin"* ]]; then
+ LOCAL_BIN=$HOME/.local/bin
+ export PATH=$PATH:$LOCAL_BIN
+fi
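Review bot: `CURRENT_TTY=$(tty)` drops the zsh `$TTY` parameter that the removed line `export GPG_TTY=${TTY:-"$(tty)"}` tried first. `tty` inspects stdin, so when zsh starts with stdin redirected or without a terminal, `GPG_TTY` becomes the literal text `not a tty` and a tty or curses pinentry cannot locate the terminal. `.zshenv` is read by every zsh invocation, so this also adds a fork to each one. Suggest restoring `export GPG_TTY=${TTY:-$(tty)}`; this form works on both Linux and macOS, so it can stay outside the `OSTYPE` branches.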
diff --git a/zsh/.zshrc b/zsh/.zshrc
index 45f888a..38cd796 100644
--- a/zsh/.zshrc
+++ b/zsh/.zshrc
@@ -13,7 +13,7 @@ export TERM="xterm-256color"
# If you come from bash you might have to change your $PATH.
# export PATH=$HOME/bin:/usr/local/bin:$PATH
# Path to your oh-my-zsh installation.
-export ZSH=/home/$USER/.oh-my-zsh
+export ZSH=$HOME/.oh-my-zsh
# Set name of the theme to load. Optionally, if you set this to "random"
# it'll load a random theme each time that oh-my-zsh is loaded.
@@ -79,5 +79,7 @@ source $HOME/.aliases
# To customize prompt, run `p10k configure` or edit ~/.p10k.zsh.
([[ ! -f ~/.p10k.zsh ]] && [[ ! -L ~/.p10k.zsh ]]) || source ~/.p10k.zsh
-# NVM Init
-source /usr/share/nvm/init-nvm.sh
+if [[ "$OSTYPE" == "linux-gnu"* ]]; then
+ # NVM Init
+ source /usr/share/nvm/init-nvm.sh
+fi
\ No newline at end of file