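#!/bin/bash
#
# Workstation bootstrap: imports an OpenPGP identity, installs the YubiKey and
# smart-card tooling, points scdaemon at the YubiKey via pcscd, routes SSH
# authentication through gpg-agent's SSH socket, and configures Git to sign
# with an SSH public key.
#
# Needs sudo (package installation) and rewrites files under $HOME:
#   ~/.gnupg/scdaemon.conf and ~/.gnupg/gpg.conf        (overwritten)
#   ~/.config/autostart/gnome-keyring-ssh.desktop       (overwritten)
#   ~/.profile                                          (one line appended)
#   ~/.ssh/envoyr.pub                                   (overwritten)
#   global Git configuration
#
# Sources:
#   https://gist.github.com/artizirk/d09ce3570021b0f65469cb450bee5e29
#   https://gist.github.com/greeflas/431bc50c23532eee8a7d6c1d603f3921
#

set -u

# Print a message to stderr and abort the bootstrap.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

readonly KEY_ID='A355308DA385BEF5'
readonly GNUPG_DIR="${HOME}/.gnupg"
readonly SSH_DIR="${HOME}/.ssh"
readonly SIGNING_KEY="${SSH_DIR}/envoyr.pub"
readonly PROFILE="${HOME}/.profile"
# Kept in single quotes on purpose: ${XDG_RUNTIME_DIR} must be expanded at
# login time by ~/.profile, not now.
readonly AUTH_SOCK_LINE='export SSH_AUTH_SOCK=${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh'

echo "==> Add identity from keyserver.ubuntu.com"
# NOTE(review): KEY_ID is a 64-bit key ID, not a full fingerprint, and a
# keyserver does not vouch for who uploaded a key. The fingerprint is printed
# below so it can be compared with one obtained out of band before the key is
# relied on.
if gpg --keyserver keyserver.ubuntu.com --recv-keys "$KEY_ID"; then
  gpg --fingerprint "$KEY_ID"
else
  # The remaining steps do not depend on the import, so keep going.
  echo "warning: could not fetch ${KEY_ID} from keyserver.ubuntu.com" >&2
fi

echo "==> Install YubiKey Manager"
# apt-get rather than apt: apt warns that its CLI is not stable for scripts.
sudo apt-get install -y yubikey-manager \
  || die "failed to install yubikey-manager"
# NOTE(review): run without a subcommand, as in the original; presumably a
# check that ykman is installed - confirm (e.g. `ykman openpgp info`).
ykman openpgp
sudo apt-get install -y gnupg pcscd scdaemon \
  || die "failed to install gnupg pcscd scdaemon"

# GnuPG warns about a home directory that other users can access.
mkdir -p "$GNUPG_DIR" || die "cannot create ${GNUPG_DIR}"
chmod 700 "$GNUPG_DIR"

# Overwrites any existing scdaemon.conf.
cat > "${GNUPG_DIR}/scdaemon.conf" <<'EOF'
disable-ccid
pcsc-driver /usr/lib/x86_64-linux-gnu/libpcsclite.so.1
card-timeout 1
# Always try to use yubikey as the first reader
# even when other smart card readers are connected
# Name of the reader can be found using the pcsc_scan command
# If you have problems with gpg not recognizing the Yubikey
# then make sure that the string here matches exacly pcsc_scan
# command output. Also check journalctl -f for errors.
reader-port Yubico YubiKey
EOF

# Overwrites any existing gpg.conf.
cat > "${GNUPG_DIR}/gpg.conf" <<'EOF'
trust-model tofu+pgp
EOF

systemctl --user restart gpg-agent.service
# Fails when no card is inserted; that should not stop the rest of the setup.
gpg --card-status || echo "warning: gpg --card-status failed (is the YubiKey inserted?)" >&2

echo "==> Setup YubiKey"
mkdir -p "${HOME}/.config/autostart"
# NOTE(review): environment.d is created but nothing in this script writes to
# it; SSH_AUTH_SOCK is exported from ~/.profile instead.
mkdir -p "${HOME}/.config/environment.d"

# Hidden=true in a per-user autostart entry disables the entry of the same
# name, so GNOME Keyring's SSH agent does not start and claim SSH_AUTH_SOCK.
cat > "${HOME}/.config/autostart/gnome-keyring-ssh.desktop" <<'EOF'
[Desktop Entry]
Name=GNOME Keyring SSH Agent
Exec=/usr/bin/gnome-keyring-daemon --start --components=ssh
Type=Application
X-GNOME-Autostart-enabled=true
Hidden=true
EOF

# Append the export only once so that re-running the script does not pile up
# duplicate lines in ~/.profile.
if ! grep -qxF -- "$AUTH_SOCK_LINE" "$PROFILE" 2>/dev/null; then
  printf '%s\n' "$AUTH_SOCK_LINE" >> "$PROFILE"
fi

echo "==> Setup Git"
sudo apt-get install -y git || die "failed to install git"

# ~/.ssh may not exist on a fresh account; without it the download cannot be
# written.
mkdir -p "$SSH_DIR" || die "cannot create ${SSH_DIR}"
chmod 700 "$SSH_DIR"

# Download to a temporary file first: wget -O leaves an empty file behind when
# the request fails, and that must never become the configured signing key.
tmp_key=$(mktemp "${SIGNING_KEY}.XXXXXX") || die "mktemp failed"
trap 'rm -f -- "${tmp_key:-}"' EXIT
wget https://github.com/envoyr.keys -O "$tmp_key" \
  || die "failed to download https://github.com/envoyr.keys"
[[ -s "$tmp_key" ]] || die "downloaded key file is empty"
# NOTE(review): this endpoint returns every public key on the account, one per
# line; confirm the file holds only the key intended for signing.
chmod 644 "$tmp_key"
mv -- "$tmp_key" "$SIGNING_KEY" || die "cannot install ${SIGNING_KEY}"

git config --global user.name "Maurice Preuß"
git config --global user.email hello@envoyr.com
git config --global gpg.format ssh
git config --global user.signingkey "$SIGNING_KEY"

echo "Done! Please reboot..."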