michaelkosir · July 17, 2025 13:47
diff --git a/.zshrc b/.zshrc
 # .zshrc
 autoload -Uz compinit
 compinit

 VAULT_ENCRYPTION_KEY="example"

 # export
 export PATH="$PATH:/Users/michael.kosir/.hcv/bin"
 export DOCKER_HOST="unix:///Users/$USER/.colima/docker.sock"

 # aliases
 alias ll="ls -alG"
 alias watch="watch "
 alias clip="pbcopy" 
 alias flush="sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder"

 # kubectl
 alias k="kubectl"
 source <(kubectl completion zsh)

 # crc (openshift)
 source <(crc completion zsh)
 eval $(crc oc-env)
 source <(oc completion zsh)

 # doormat
 source <(doormat completion zsh)

 # Usage:
 #   llm
 #   llm start
 #   llm stop
 llm() {
  if [[ -z $1 || $1 == "start" ]]; then
      if [[ ! $(ps aux | grep "[o]llama serve") ]]; then
        ollama serve >/dev/null 2>&1 &
        until nc -z localhost 11434 >/dev/null 2>&1; do
          sleep 0.1
        done
      fi
      ollama run llama3.1:8b
  elif [ $1 = "stop" ]; then
      pkill ollama
  else
      echo "Invalid command. Usage: ollama {start|stop}"
  fi
 }

 # Usage:
 #   vdev
 #   vdev start
 #   vdev ent
 #   vdev stop
 vdev() {
  if [[ -z $1 || $1 == "start" || $1 == "ent" ]]; then
    echo "Starting Vault development server..."

    # environment variables
    export VAULT_ADDR='http://localhost:8200'
    export VAULT_TOKEN='root'

    # check if Vault is not running
    if [ -z "$(docker ps -qf name=vault)" ]; then

      if [[ -n $1 && $1 == "ent" ]]; then
        image="hashicorp/vault-enterprise:latest"
      else
        image="hashicorp/vault:latest"
      fi

      docker run \
        --rm \
        --detach \
        --name=vault \
        --publish=8200:8200 \
        --net=kind \
        --env='VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200' \
        --env='VAULT_DEV_ROOT_TOKEN_ID=root' \
        ${1:+--env="VAULT_LICENSE=$(cat ~/.hashicorp/vault.hclic)"} \
        $image server -dev -dev-no-kv
    fi
  elif [[ $1 == "stop" ]]; then
    echo "Stopping Vault development server..."

    # environment variables
    unset VAULT_ADDR
    unset VAULT_TOKEN

    # if running, stop Vault
    if [ "$(docker ps -qf name=vault)" ]; then
      docker stop vault
    fi

  else
    echo "Invalid argument. Use 'start' 'stop' 'ent' or 'enterprise'"
  fi
 }

 # Usage:
 #   pdev
 #   pdev start
 #   pdev stop
 pdev() {
  if [[ -z $1 || $1 == "start" ]]; then
    echo "Starting Postgres development server..."

    # check if Postgres is not running
    if [ -z "$(docker ps -qf name=postgres)" ]; then
      # start Postgres
      docker run \
      --rm \
      --detach \
      --name=postgres \
      --publish=5432:5432 \
      --net=kind \
      --env='POSTGRES_PASSWORD=root' \
      postgres:alpine
    fi

    export PGHOST=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' postgres)
    export PGUSER="postgres"
    export PGPASSWORD="root"

  elif [[ $1 == "stop" ]]; then
    echo "Stopping Postgres development server..."

    # if running, stop Postgres
    if [ "$(docker ps -qf name=postgres)" ]; then
      docker stop postgres
    fi

    unset PGHOST
    unset PGUSER
    unset PGPASSWORD

  else
    echo "Invalid argument. Use 'start' or 'stop'"
  fi
 }

 # Usage:
 #   wrap /path/to/secrets.env
 #   password | wrap
 wrap() {
  if [[ -p /dev/stdin || -s /dev/stdin ]]; then
    vault write -field=wrapping_token sys/wrapping/wrap data=-
  elif [[ -n $1 && -f $1 ]]; then
    vault write -field=wrapping_token sys/wrapping/wrap data=@$1
  fi
 }

 # Usage:
 #   unwrap <token>
 unwrap() {
  if [[ -n $1 ]]; then
    vault write -field=data sys/wrapping/unwrap token="$1"
  fi
 }

 # Usage:
 #   encrypt /path/to/secrets.env > out.enc
 #   echo -n "hello world!" | encrypt > out.enc
 encrypt() {
  if [[ -p /dev/stdin || -s /dev/stdin ]]; then
    base64 | vault write -field=ciphertext transit/encrypt/$VAULT_ENCRYPTION_KEY plaintext=-
  elif [[ -n $1 && -f $1 ]]; then
    base64 < $1 | vault write -field=ciphertext transit/encrypt/$VAULT_ENCRYPTION_KEY plaintext=-
  fi
 }

 # Usage:
 #   decrypt /path/to/file.enc > file.txt
 decrypt() {
  if [[ -n $1 && -f $1 ]]; then
    vault write -field=plaintext transit/decrypt/$VAULT_ENCRYPTION_KEY ciphertext=@$1 | base64 -d
  fi
 }

 # Usage:
 #   password
 #   password 32 | wrap
 password() {
  local length=${1:-20} # default length is 20

  # Validate the argument is an integer
  if ! [[ $length =~ ^[0-9]+$ ]]; then
    echo "Error: Argument must be an integer." >&2
    return 1
  fi

  # Validate the length is within the acceptable range
  if (( length < 8 || length > 64 )); then
    echo "Error: Length must be between 12 and 64." >&2
    return 1
  fi

  policy="length = $length
  rule \"charset\" {
    charset = \"abcdefghijklmnopqrstuvwxyz\"
    min-chars = 1
  }
  rule \"charset\" {
    charset = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\"
    min-chars = 1
  }
  rule \"charset\" {
    charset = \"0123456789\"
    min-chars = 1
  }
  rule \"charset\" {
    charset = \"!@#$%^&*\"
    min-chars = 1
  }"

  echo $policy | vault write sys/policies/password/$length policy=- > /dev/null 2>&1
  vault read -field=password sys/policies/password/$length/generate
 }
	# .zshrc
	autoload -Uz compinit
	compinit

	VAULT_ENCRYPTION_KEY="example"

	# export
	export PATH="$PATH:/Users/michael.kosir/.hcv/bin"
	export DOCKER_HOST="unix:///Users/$USER/.colima/docker.sock"

	# aliases
	alias ll="ls -alG"
	alias watch="watch "
	alias clip="pbcopy"
	alias flush="sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder"

	# kubectl
	alias k="kubectl"
	source <(kubectl completion zsh)

	# crc (openshift)
	source <(crc completion zsh)
	eval $(crc oc-env)
	source <(oc completion zsh)

	# doormat
	source <(doormat completion zsh)

	# Usage:
	# llm
	# llm start
	# llm stop
	llm() {
	if [[ -z $1 \|\| $1 == "start" ]]; then
	if [[ ! $(ps aux \| grep "[o]llama serve") ]]; then
	ollama serve >/dev/null 2>&1 &
	until nc -z localhost 11434 >/dev/null 2>&1; do
	sleep 0.1
	done
	fi
	ollama run llama3.1:8b
	elif [ $1 = "stop" ]; then
	pkill ollama
	else
	echo "Invalid command. Usage: ollama {start\|stop}"
	fi
	}

	# Usage:
	# vdev
	# vdev start
	# vdev ent
	# vdev stop
	vdev() {
	if [[ -z $1 \|\| $1 == "start" \|\| $1 == "ent" ]]; then
	echo "Starting Vault development server..."

	# environment variables
	export VAULT_ADDR='http://localhost:8200'
	export VAULT_TOKEN='root'

	# check if Vault is not running
	if [ -z "$(docker ps -qf name=vault)" ]; then

	if [[ -n $1 && $1 == "ent" ]]; then
	image="hashicorp/vault-enterprise:latest"
	else
	image="hashicorp/vault:latest"
	fi

	docker run \
	--rm \
	--detach \
	--name=vault \
	--publish=8200:8200 \
	--net=kind \
	--env='VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200' \
	--env='VAULT_DEV_ROOT_TOKEN_ID=root' \
	${1:+--env="VAULT_LICENSE=$(cat ~/.hashicorp/vault.hclic)"} \
	$image server -dev -dev-no-kv
	fi
	elif [[ $1 == "stop" ]]; then
	echo "Stopping Vault development server..."

	# environment variables
	unset VAULT_ADDR
	unset VAULT_TOKEN

	# if running, stop Vault
	if [ "$(docker ps -qf name=vault)" ]; then
	docker stop vault
	fi

	else
	echo "Invalid argument. Use 'start' 'stop' 'ent' or 'enterprise'"
	fi
	}

	# Usage:
	# pdev
	# pdev start
	# pdev stop
	pdev() {
	if [[ -z $1 \|\| $1 == "start" ]]; then
	echo "Starting Postgres development server..."

	# check if Postgres is not running
	if [ -z "$(docker ps -qf name=postgres)" ]; then
	# start Postgres
	docker run \
	--rm \
	--detach \
	--name=postgres \
	--publish=5432:5432 \
	--net=kind \
	--env='POSTGRES_PASSWORD=root' \
	postgres:alpine
	fi

	export PGHOST=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' postgres)
	export PGUSER="postgres"
	export PGPASSWORD="root"

	elif [[ $1 == "stop" ]]; then
	echo "Stopping Postgres development server..."

	# if running, stop Postgres
	if [ "$(docker ps -qf name=postgres)" ]; then
	docker stop postgres
	fi

	unset PGHOST
	unset PGUSER
	unset PGPASSWORD

	else
	echo "Invalid argument. Use 'start' or 'stop'"
	fi
	}

	# Usage:
	# wrap /path/to/secrets.env
	# password \| wrap
	wrap() {
	if [[ -p /dev/stdin \|\| -s /dev/stdin ]]; then
	vault write -field=wrapping_token sys/wrapping/wrap data=-
	elif [[ -n $1 && -f $1 ]]; then
	vault write -field=wrapping_token sys/wrapping/wrap data=@$1
	fi
	}

	# Usage:
	# unwrap <token>
	unwrap() {
	if [[ -n $1 ]]; then
	vault write -field=data sys/wrapping/unwrap token="$1"
	fi
	}

	# Usage:
	# encrypt /path/to/secrets.env > out.enc
	# echo -n "hello world!" \| encrypt > out.enc
	encrypt() {
	if [[ -p /dev/stdin \|\| -s /dev/stdin ]]; then
	base64 \| vault write -field=ciphertext transit/encrypt/$VAULT_ENCRYPTION_KEY plaintext=-
	elif [[ -n $1 && -f $1 ]]; then
	base64 < $1 \| vault write -field=ciphertext transit/encrypt/$VAULT_ENCRYPTION_KEY plaintext=-
	fi
	}

	# Usage:
	# decrypt /path/to/file.enc > file.txt
	decrypt() {
	if [[ -n $1 && -f $1 ]]; then
	vault write -field=plaintext transit/decrypt/$VAULT_ENCRYPTION_KEY ciphertext=@$1 \| base64 -d
	fi
	}

	# Usage:
	# password
	# password 32 \| wrap
	password() {
	local length=${1:-20} # default length is 20

	# Validate the argument is an integer
	if ! [[ $length =~ ^[0-9]+$ ]]; then
	echo "Error: Argument must be an integer." >&2
	return 1
	fi

	# Validate the length is within the acceptable range
	if (( length < 8 \|\| length > 64 )); then
	echo "Error: Length must be between 12 and 64." >&2
	return 1
	fi

	policy="length = $length
	rule \"charset\" {
	charset = \"abcdefghijklmnopqrstuvwxyz\"
	min-chars = 1
	}
	rule \"charset\" {
	charset = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ\"
	min-chars = 1
	}
	rule \"charset\" {
	charset = \"0123456789\"
	min-chars = 1
	}
	rule \"charset\" {
	charset = \"!@#$%^&*\"
	min-chars = 1
	}"

	echo $policy \| vault write sys/policies/password/$length policy=- > /dev/null 2>&1
	vault read -field=password sys/policies/password/$length/generate
	}