Add omp .env.age for provider API keys; install topgrade+cargo-update via PM
1. dot_omp/agent/encrypted_.env.age (NEW)
Encrypted shell-sourceable file with all omp provider API keys.
Decrypts to ~/.omp/agent/.env on apply. omp reads .env on startup
per docs/environment-variables.md. All 6 recipients (recovery +
5 boxes) can decrypt. Placeholder values for keys the user hasn't
added yet — fill in real values per-provider.
2. run_onchange_30-ensure-cargo.sh.tmpl (UPDATED)
- Add topgrade install: pacman on arch (via chaotic-aur), cargo on
debian (not in apt)
- Add cargo-update install: pacman on arch, cargo on debian
- Prefer OS package managers over cargo install when both are
available. cargo install only as fallback.
3. dot_omp/agent/config.yml (UNCHANGED)
Per user request: keep .local host endpoints (llama-swap.miche,
kaiser.local:8800). If a box can't reach them, it's not on the
local network and omp will error gracefully at request time.
This commit is contained in:
parent
07dbe83f52
commit
bd9b295b24
2 changed files with 88 additions and 4 deletions
38
dot_omp/agent/encrypted_.env.age
Normal file
38
dot_omp/agent/encrypted_.env.age
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyS3V1NDhvQU52VTRnQ3Ey
|
||||
UXg4cTVaTnFpVHhpMURMZTFuZ0xrckQzdFJRCnBvcDZMUGtqbXYxbk9wZDRCdnNt
|
||||
bHVsdzcwN05hZVdUZWpFVzlPc1dlcXMKLT4gWDI1NTE5IGQ0UGgydEhLYmdnUzRm
|
||||
dzhkTnkzcjM4SC83VGN6NnpObjVhVVY2dUxKZ2MKMGRuenJOZzhXMTFLamNGeWR4
|
||||
L3htQUs2c1ZLS3dOYlNCRkNiSTFzaTVtTQotPiBYMjU1MTkgK0tyZVJvOCtUVnk1
|
||||
UmdxTS8xOTBGamFNYVBoUEc4b1pISWF6c0YwMnFETQpDVmhETWFrZkhSMDhIS2l3
|
||||
QWJ5TkZSYnMveXRRandRNy9zQS9Ec1RqenNNCi0+IFgyNTUxOSBKMFpJYUdTbjJ0
|
||||
aHVtdDlzanJ0MlByT1RwNHBPYWFkaW5JTHVmTCtSMFFJCkhrTmcxMUJ3aytySklG
|
||||
K2g2NGJWZ1NsejNWd1JPcit3RnNqL2wvaFhOWmsKLT4gWDI1NTE5IDhwVngwT3Q2
|
||||
dE1iVmFVSi9YRUprWEVZMXJRL1U4SVIwS1VmSG10b3RhVkEKM0JQTU1EaU9pSG83
|
||||
alF6QlpNV2VaaXY4czR6cGsyRkcvNzA3M1hBT3k2OAotPiBYMjU1MTkgS0szV0px
|
||||
TTlDQUxSVW9RakNvU21keGsyaTAvZUo4cjYySGRpd0IzbTBFMAoyUjJRQTFpOXlE
|
||||
enR6YzlUbUFPWXdkaS8vSlFzc0p0RDRtUlpvS3RIcHhNCi0tLSBnaXpCY1p0aWdk
|
||||
SzdmaDR3REdQSnlXYzFOckpHbUJJMUw0a3QxWkxuejJnCo9Fk8UQVmnjk0REZmLK
|
||||
FdmuNxBvnGGWC4slOwPzPBRaPeNXfCf+KS5Lor06+2a9oF4uuI+7kBP2g7b3NySJ
|
||||
Z9Dp5RumFTOnpZ6tFHpZbOllgR8x5XvU0xyBF3eR+rMvgSQ1i2N14KqRfOVGN5oM
|
||||
RfJlfrXInOi0IZS5ekkeVh2JhLpTHdSWUlzqzswSH/kCX+EUzK6mAytZom9tQ9VH
|
||||
v9Qxj+2tOmXHWoEU8+GS/JXQ1uOX47uSO4/FaNrNbYAkAjAsr1EYHElovedjXwry
|
||||
V6Ept9y72NSdmqeIksE5f0xWBgVkICQT+FAoecdgPUrlWyGa6MYMzUUHbx1gPPm2
|
||||
Xreh+3K/pspx8ajJicfs8OzaiufE1zbjBUCKnKXnghdVbRMRgNoceifjs3nuPIsR
|
||||
nDhw2muFJqrSVdeFvz8O1sVqIIGky2ZX7Iz0hNJX081LDsHF1SFsvN1Jt0w3UdeF
|
||||
K/r7mgTIGzhb9nNdxirC+6NZPF2rvmc53fYb0TaUwDV5BbG8l3nWecq9HOH+5g/s
|
||||
W322ruHZI/OW67KiDLZYwntqI8hKwJK6O2ncrJJB/EpqXuacDyeAe0w9+X39R4PK
|
||||
46f3GMD6RyoUsCrN+SnE3jswdn0aOpzwiKcGjOb6k35PL2RtFWXADotwoAVR/bMf
|
||||
nhQBTKvi11ePH29bwZn7db0TnQ2xJq8z/9QDFIF+yCdtjZ/D9jX36F3UEnYPl7sQ
|
||||
LRzR4/wSHZYFxzTWdXfzMuWH3FCBPa9LshJCYKveJ+2k/9QP861W5A2zUOYhrubB
|
||||
9j/hOpE9JpCPPvg7izrgm2mqosjwlLszXaWYBwlZPKCn5GDssm2PMKStPfJKxc/Y
|
||||
cwPX1HDaijFGxeFr1KfJ2k9PPRt1cn2sb5RCvXaDCEOq7T/E7Fic+iOjf2/WL//8
|
||||
eob7TEHgIH4qucTQ0QJCATdB/29CgXluXTxih8pbSZmH5ujCzzUeap1X3/1QFjRZ
|
||||
iQ7BzL348Z18edXJDN45KgXbtz8GN8DHk/bQxI6mpbVqI4AyIXzRvR57S3rKcRMU
|
||||
dkM5T9qquLGbQ1jhADjlWJp3M/B8Wdxqf7U1GxEqACoRa2zxP2Krv72r2Tomn7dQ
|
||||
TSEs0Nt4dP9HzKbVngPoOD12IRVm0AvzgYyh/HRej7l2YXnUlHReB2EH6AZIjfBC
|
||||
tjHEujinOXuC6UWCPFSgWy2x8uR/PGIle6SGJTbTlUY5MMozZxWlNcYkgNZS3nUk
|
||||
sLHGjTEjvbdSTB6pfvUJ8h1suDUPqQ7kNPH1hDrYH5+CKaAOyC8hGJFS3wjaCXBU
|
||||
Gthi5odLQFDmcUCAzollJQZxBsfHEOxp+Bx3HuG46fob3iKMfwYlfZwc9FtsW1eX
|
||||
jIUrlA7MnrwUnxf36S0oZJ9k9Ay8U08Am1xKm02rCPKSo4RE8UT/srM=
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
@ -4,6 +4,10 @@
|
|||
# Make sure rustup/cargo is available. If not, install rustup.
|
||||
# After cargo is ready, install bat from crates.io on debian (apt renames
|
||||
# upstream bat to batcat, which breaks .zshrc's `alias cat=bat`).
|
||||
# Also install topgrade (universal update tool) and cargo-update (so cargo
|
||||
# packages themselves can be bumped). Prefer OS package managers when
|
||||
# available — only fall back to `cargo install` if the package isn't in
|
||||
# apt/pacman/chaotic-aur.
|
||||
#
|
||||
# Runs on every apply because the script body rarely changes but we want a
|
||||
# fresh check after package installs.
|
||||
|
|
@ -31,16 +35,58 @@ export PATH="$HOME/.cargo/bin:$PATH"
|
|||
log "rustup installed: $(rustup --version 2>/dev/null || echo unknown)"
|
||||
log "cargo installed: $(cargo --version)"
|
||||
|
||||
# --- 2. Install bat from crates.io if missing (debian only) ---
|
||||
# --- 2. Install bat (upstream binary, not renamed batcat) ---
|
||||
# On debian, apt installs bat as "batcat" (Debian has its own unrelated bat).
|
||||
# The clean fix is cargo install on debian, pacman on arch.
|
||||
{{ if eq .os_family "debian" -}}
|
||||
if ! command -v bat >/dev/null 2>&1; then
|
||||
log "installing bat via cargo (upstream, debian renames it to batcat)"
|
||||
log "installing bat via cargo (debian renames upstream bat to batcat)"
|
||||
cargo install bat --locked
|
||||
log "bat installed: $(bat --version)"
|
||||
else
|
||||
log "bat already installed: $(bat --version)"
|
||||
fi
|
||||
{{ else -}}
|
||||
# Arch already installs upstream bat via pacman; nothing extra to do.
|
||||
# Arch already installs upstream bat via pacman [extra].
|
||||
log "skipping cargo bat install (os_family={{ .os_family }}, pacman handles it)"
|
||||
{{ end -}}
|
||||
{{ end -}}
|
||||
|
||||
# --- 3. Install topgrade (universal update tool) ---
|
||||
# topgrade walks through system packages, language toolchains, dev tools,
|
||||
# and runs each one's update command. It's a single command for "update
|
||||
# everything on this box."
|
||||
# - arch: topgrade is in [chaotic-aur] (we have chaotic-aur configured).
|
||||
# Use pacman to get system-tracked installs.
|
||||
# - debian: topgrade isn't in apt. Install via cargo (no PM alternative).
|
||||
if ! command -v topgrade >/dev/null 2>&1; then
|
||||
{{ if eq .os_family "arch" -}}
|
||||
log "installing topgrade via pacman (chaotic-aur)"
|
||||
sudo pacman -S --needed --noconfirm topgrade
|
||||
{{ else if eq .os_family "debian" -}}
|
||||
log "installing topgrade via cargo (debian has no topgrade package)"
|
||||
cargo install topgrade --locked
|
||||
{{ else -}}
|
||||
log "WARNING: topgrade install not configured for os_family={{ .os_family }}"
|
||||
{{ end -}}
|
||||
log "topgrade installed: $(topgrade --version | head -1)"
|
||||
else
|
||||
log "topgrade already installed: $(topgrade --version | head -1)"
|
||||
fi
|
||||
|
||||
# --- 4. Install cargo-update (so we can `cargo install-update -a`) ---
|
||||
# Used to bump cargo-installed packages. Arch has it in [extra]; debian
|
||||
# doesn't ship it.
|
||||
if ! command -v cargo-install-update >/dev/null 2>&1; then
|
||||
{{ if eq .os_family "arch" -}}
|
||||
log "installing cargo-update via pacman"
|
||||
sudo pacman -S --needed --noconfirm cargo-update
|
||||
{{ else if eq .os_family "debian" -}}
|
||||
log "installing cargo-update via cargo (debian has no cargo-update package)"
|
||||
cargo install cargo-update --locked
|
||||
{{ else -}}
|
||||
log "WARNING: cargo-update install not configured for os_family={{ .os_family }}"
|
||||
{{ end -}}
|
||||
log "cargo-update installed"
|
||||
else
|
||||
log "cargo-update already installed"
|
||||
fi
|
||||
Loading…
Add table
Add a link
Reference in a new issue