setup

personal system configuration scripts
git clone git://git.pyratebeard.net/setup.git

commit 7227cfdf5c0625cb03e5c7931971d99b904fedc5
parent 010bfd73672201a88a9234555fb3d6dd9bdf1051
Author: pyratebeard <root@pyratebeard.net>
Date:   Wed, 17 Sep 2025 14:45:26 +0100

feat(forge): improve bitwarden cred entry

instead of remembering to use /etc/environment, prompt for creds

Diffstat:
MREADME.md | 5-----
Mforge | 19+++++++++++++++----
2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
@@ -24,10 +24,5 @@ This is designed to be run on a brand new Debian server. The `forge` script can be downloaded directly to the server using curl. For SSH CA signing keys are extracted from BitWarden, setting the API key creds as env vars makes things smoother.
 ```
 apt-get update && apt-get upgrade -y && apt-get install -y curl
-cat << EOF >> /etc/environment
-> BW_CLIENTID="<enter apikey client id>"
-> BW_CLIENTSECRET="<enter apikey client secret>"
-> BW_PASSWORD="<enter master password>"
-> EOF
 curl -sL https://s.rum.sh/forge > forge && chmod +x forge && ./forge
 ```
diff --git a/forge b/forge
@@ -31,6 +31,18 @@ _echo "enter domain"
 read DOMAIN
 echo "$(hostname -s).${DOMAIN}" > /etc/hostname
+# ▓▓▒░ bitwarden creds
+_echo "enter bitwarden creds"
+echo "client id"
+read BW_CLIENTID
+export BW_CLIENTID
+echo "client secret"
+read BW_CLIENTSECRET
+export BW_CLIENTSECRET
+echo "password"
+read BW_PASSWORD
+export BW_PASSWORD
+
 # ▓▓▒░ locale
 _echo "setting up locales"
 locale-gen "en_US.UTF-8"
@@ -49,13 +61,12 @@ LC_ALL=en_US.UTF-8 ansible-galaxy collection install community.general
 _echo "bitwarden setup"
 curl -sL -o /run/forge/bw.zip "https://vault.bitwarden.com/download/?app=cli&platform=linux" && \
 unzip -d /usr/local/bin /run/forge/bw.zip
-source /etc/environment
-BW_CLIENTID=$BW_CLIENTID BW_CLIENTSECRET=$BW_CLIENTSECRET bw login --apikey
-export BW_SESSION=$(BW_PASSWORD=$BW_PASSWORD bw unlock --passwordenv BW_PASSWORD --raw)
+bw login --apikey
+export BW_SESSION=$(bw unlock --passwordenv BW_PASSWORD --raw)
 BW_STATUS=$(bw status | jq -r '.status')
 [ ${BW_STATUS} == "unlocked" ] || {
 echo unlock failed
- export BW_SESSION=$(BW_PASSWORD=$BW_PASSWORD bw unlock --raw)
+ export BW_SESSION=$(bw unlock --raw)
 }
 # ▓▓▒░ pull play
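Review bot: The three `read` calls in the new "bitwarden creds" block of `forge` echo whatever is typed, so the API client secret and the master password are shown on screen and land in terminal scrollback or any session recording. They also lack `-r`, so a backslash in the password is silently altered before it reaches `bw`. I would use `read -r BW_CLIENTID`, `read -rs BW_CLIENTSECRET` and `read -rs BW_PASSWORD`, each silent read followed by a bare `echo` to restore the newline; `-s` is a bash option, and the script appears to run under bash since it uses `source`. Nothing rejects an empty entry either, so a blank value only shows up later as a failed login.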
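Review bot: In the last `forge` hunk, `BW_CLIENTID`, `BW_CLIENTSECRET` and `BW_PASSWORD` remain exported after the unlock, so every later child process inherits the master password in its environment; the script continues past the hunk into the "pull play" section. Once `BW_SESSION` is set they are no longer needed, so add `unset BW_CLIENTID BW_CLIENTSECRET BW_PASSWORD` after the `[ ${BW_STATUS} == "unlocked" ] || { … }` block. The exit status of `bw login --apikey` is not checked, and `export BW_SESSION=$(…)` hides the status of `bw unlock`. The retry inside the braces is also never re-checked, so the script can carry on with an empty session; assigning first and testing, e.g. `BW_SESSION=$(bw unlock --passwordenv BW_PASSWORD --raw) || exit 1` then `export BW_SESSION`, would stop it there.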