diff --git a/docker-compose.yml b/docker-compose.yml index 17d6fc8..4cd151f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -121,7 +121,7 @@ services: - PROXY_URL # http proxy to use. if USE_PROXY_HOST is enabled will be set to http://PROXY_CONTAINER_NAME:8080 - PROXY_URL_SSL # https proxy to use. if USE_PROXY_HOST is enabled will be set to https://PROXY_CONTAINER_NAME:8080 - PROXY_AUTO_EXPORT_ENV # auto export HTTP_PROXY and HTTPS_PROXY vars equal to PROXY_URL - - DEV_CONTAINER=1.10.5 # used to detect if running inside dev container + - DEV_CONTAINER=1.10.6 # used to detect if running inside dev container volumes: - /var/run/docker.sock:/var/run/docker.sock # allow container to interact with host docker - "${GDC_DIR}:/root/gdc-host" # mount gdc folder inside container to get access to compose files diff --git a/docs/bitwarden/readme.md b/docs/bitwarden/readme.md index 805c64a..5d03ffb 100644 --- a/docs/bitwarden/readme.md +++ b/docs/bitwarden/readme.md @@ -37,7 +37,7 @@ Copy the SSM scripts from this repo in the /root/bin/aws folder and put in your Add the following to your .bashrc or .zshrc file your home directory. ```bash export AWS_PROFILE=YOUR-identity -alias load_aliases="eval \`bw get item aws_bash_rc | jq -r '.notes'\`"; +alias load_aliases="eval \`bw get item bw_bash_rc | jq -r '.notes'\`"; alias bw_reload="bw sync; load_aliases"; alias unlock='export BW_SESSION="$(bw unlock --raw)"; bw sync; load_aliases; echo "export BW_SESSION=$BW_SESSION;load_aliases"' echo "unlock" 
@@ -72,7 +72,7 @@ token to assume roles. You can then stretch the window bigger which will let you then stretch the note edit box bigger.** -Using your browser log into your Bitwarden vault and create a secure note named **[company]_aws_bash_rc** with the following content: +Using your browser log into your Bitwarden vault and create a secure note named **[company]_bash_rc** with the following content: ```bash alias [company]_aws_otp="bw get totp '[company]_aws_ident' | tr -d '\n'"; alias [company]_aws_assume="AWS_IDENTITY_ACCOUNT=[AWS_IDENTITY_ACCOUNT] source assume-role.sh [YOUR_AWS_SSO_ACCOUNT] [YOUR-identity]"; @@ -108,7 +108,7 @@ such as: The above script block is soft wrapping some lines, when you enter them ensure they are on a single line. ### Additional companies (optional) -Create a secure note named **[company2]_aws_bash_rc** with the following content: +Create a secure note named **[company2]_bash_rc** with the following content: ```bash alias [company2]_aws_otp="bw get totp '[company2]_aws_ident' | tr -d '\n'"; alias [company2]_aws_assume="AWS_IDENTITY_ACCOUNT=[AWS_IDENTITY_ACCOUNT] source assume-role.sh [YOUR_AWS_SSO_ACCOUNT] [YOUR-identity]"; @@ -122,10 +122,10 @@ echo "[company2] aliases loaded"; ``` ### Alias entrypoint -Now create a secure note named **aws_bash_rc** with the following content: +Now create a secure note named **bw_bash_rc** with the following content: ```bash -eval `bw get item [company]_aws_bash_rc | jq -r '.notes'`; -eval `bw get item [company2]_aws_bash_rc | jq -r '.notes'`; +eval `bw get item [company]_bash_rc | jq -r '.notes'`; +eval `bw get item [company2]_bash_rc | jq -r '.notes'`; echo "all aws aliases loaded"; ``` **_Omit company2 line if you are only using one company._** 
@@ -137,7 +137,7 @@ company / org then eval them all from the notes you create. #### Core * unlock - unlocks your vault, syncs it with cloud, and calls load_aliases. * * if you are using the dev container and PERSIST_BITWARDEN_SESSION=yes then it will also write your session key to /root/persisted/.bw_session and this file will be sourced by any other shells you open to reduce need to unlock vault. -* load_aliases - loads the secure note with name aws_bash_rc into your environment. +* load_aliases - loads the secure note with name bw_bash_rc into your environment. * bw_reload - syncs vault with cloud and calls load_aliases. #### Custom diff --git a/etc/skel/.bashrc b/etc/skel/.bashrc index b3fd545..b7e82fd 100644 --- a/etc/skel/.bashrc +++ b/etc/skel/.bashrc @@ -1,3 +1,4 @@ +START_TIME=$(date +%s) if [ "$FORCE_INTERACTIVE" != "yes" ]; then # If not running interactively, don't do anything case $- in @@ -163,7 +164,7 @@ if [ "$USE_BITWARDEN" = "yes" ]; then if [ "$SHOW_VERSIONS_ON_LOGIN" = "yes" ]; then echo "bitwarden cli version $(bw --version)" fi - alias load_aliases="eval \`bw get item aws_bash_rc | jq -r '.notes'\`" + alias load_aliases="eval \`bw get item bw_bash_rc | jq -r '.notes'\`" alias bw_reload="bw sync; load_aliases" if [ "$PERSIST_BITWARDEN_SESSION" = "yes" ]; then 
@@ -171,14 +172,15 @@ if [ "$USE_BITWARDEN" = "yes" ]; then if [ -r ~/persisted/.bw_session ]; then echo "Attempting to load existing bitwarden session..." . "$HOME/persisted/.bw_session" - bw get item aws_bash_rc --nointeraction --quiet - if [ $? -ne 0 ] ; then + BW_RC=$(bw get item bw_bash_rc --nointeraction 2>/dev/null | jq -r '.notes' 2>/dev/null) + if [ -z "$BW_RC" ] ; then echo -e $bldred"Existing session invalid$txtrst. Please run '$bldgrn""unlock$txtrst'" rm -f ~/persisted/.bw_session bw sync --nointeraction --quiet else - eval `bw get item aws_bash_rc | jq -r '.notes'` + eval $BW_RC fi + unset BW_RC else echo -e $bldylw"No existing bitwarden session found$txtrst. Please run '$bldgrn""unlock$txtrst'" fi @@ -274,4 +276,5 @@ if [[ -n "$PROXY_URL" && "$PROXY_AUTO_EXPORT_ENV" = "yes" ]]; then export HTTP_PROXY=$PROXY_URL export HTTPS_PROXY=$PROXY_URL fi - +END_TIME=$(date +%s) +echo "Shell startup took $(($END_TIME - $START_TIME)) seconds" diff --git a/k8s/etc/skel/.bashrc b/k8s/etc/skel/.bashrc index 8307788..2f7b022 100644 --- a/k8s/etc/skel/.bashrc +++ b/k8s/etc/skel/.bashrc @@ -158,7 +158,7 @@ fi if [ "$USE_BITWARDEN" = "yes" ]; then echo "bitwarden cli version $(bw --version)" - alias load_aliases="eval \`bw get item aws_bash_rc | jq -r '.notes'\`" + alias load_aliases="eval \`bw get item bw_bash_rc | jq -r '.notes'\`" alias bw_reload="bw sync; load_aliases" if [ "$PERSIST_BITWARDEN_SESSION" = "yes" ]; then
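Review bot: `eval $BW_RC` in the new else branch expands the note text unquoted, so it is word-split and glob-expanded against the current directory before eval sees it; `eval "$BW_RC"` passes the note through exactly as stored in the vault. The `-z` test also accepts an item whose notes field is empty, because `jq -r '.notes'` prints the literal `null` in that case; `jq -r '.notes // empty'` keeps the check meaningful. With stderr from both commands discarded, a missing `jq` or a note that was not renamed yet is reported as "Existing session invalid" and the persisted session file is removed, so a distinct message for that case would help. The enclosing `if [ "$USE_BITWARDEN" = "yes" ]` block starts and ends outside this hunk. The k8s/etc/skel/.bashrc hunk only renames the alias; if that file carries the same session check outside the hunk, it would presumably still look up `aws_bash_rc`.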
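Review bot: `START_TIME` and `END_TIME` stay defined in every shell after startup, unlike `BW_RC`, which this commit unsets; adding `unset START_TIME END_TIME` after the echo at the end of etc/skel/.bashrc keeps the session namespace clean. The timing line is printed unconditionally, and with `FORCE_INTERACTIVE=yes` the early return for non-interactive shells (first hunk of this file) is skipped, so it would presumably show up in scripted shells as well; gating it behind a flag in the style of `SHOW_VERSIONS_ON_LOGIN` would avoid that. Inside `$(( ))` the `$` prefixes are unnecessary: `$((END_TIME - START_TIME))`.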