ebccdda936
A chezmoi-based fleet-dotfiles template for macOS workstations: - Two-way auto-sync via launchd watcher + 5-min puller - Mesh SSH via modify_authorized_keys driven by .chezmoidata/fleet.yaml - age-encrypted secrets file - Bundled Claude Code agentic team (11 agents) + /lite + /lite-sub commands - Verify-before-claiming Stop hook - Generic statusline + project-boundary validate-path hook - Reference launchd plist for cross-fleet task-durations aggregation (companion repo: gitea.tojo.team/cardinale/task-durations) - AGENTS.md walks an agent through the entire setup Q&A interactively - docs/ covers architecture, security model, fleet onboarding
24 lines
606 B
Cheetah
24 lines
606 B
Cheetah
#!/usr/bin/env bash
|
|
# modify_ script for authorized_keys
|
|
#
|
|
# chezmoi calls this with the CURRENT authorized_keys on stdin.
|
|
# We output the current content PLUS any missing fleet pubkeys.
|
|
# This preserves machine-specific entries while ensuring fleet access.
|
|
|
|
set -euo pipefail
|
|
|
|
# Read current authorized_keys from stdin
|
|
current=$(cat)
|
|
|
|
# Start with existing content
|
|
echo "$current"
|
|
|
|
# Append fleet pubkeys if not already present
|
|
{{ range $name, $data := .fleet -}}
|
|
{{ if ne $data.pubkey "" -}}
|
|
if ! echo "$current" | grep -qF '{{ $data.pubkey }}'; then
|
|
echo '{{ $data.pubkey }}'
|
|
fi
|
|
{{ end -}}
|
|
{{ end -}}
|