From 08fefed7f311d85881bfeb9974b1c76638b3fd24 Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Sat, 24 Jan 2026 12:07:38 -0600
Subject: feat(email): add password decryption to setup script

- Add password decryption loop to scripts/setup-email.sh
- Decrypt .gpg files from assets/mail-passwords/ to ~/.config/
- Add encrypted password files (.gmailpass.gpg, .cmailpass.gpg)
- Fix missing paren in text-config.el that broke config parsing
- Clean up mail-config.el
---
 scripts/setup-email.sh | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

(limited to 'scripts')

diff --git a/scripts/setup-email.sh b/scripts/setup-email.sh
index 7607eb61..9cb23294 100755
--- a/scripts/setup-email.sh
+++ b/scripts/setup-email.sh
@@ -2,6 +2,7 @@
 # Craig Jennings <c@cjennings.net>
 
 # Typically run on a fresh installation on a new machine.
+# - Decrypts mail passwords from encrypted .gpg files to ~/.config/
 # - Validates all email components of my Emacs email setup are in place
 # - Validates local email directories exist; creates them if they don't exist
 # - Performs initial email sync to local directories
@@ -9,6 +10,11 @@
 
 set -euo pipefail
 
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+EMACS_DIR="$(dirname "$SCRIPT_DIR")"
+ENCRYPTED_PASSWORDS_DIR="$EMACS_DIR/assets/mail-passwords"
+PASSWORD_DEST_DIR="$HOME/.config"
+
 MBSYNC="$(command -v mbsync || true)"
 MU="$(command -v mu || true)"
 MU4EDIR="/usr/share/emacs/site-lisp/mu4e"
@@ -20,6 +26,35 @@ MAILROOT="$HOME/.mail"
 GMAILDIR="$MAILROOT/gmail"
 CMAILDIR="$MAILROOT/cmail"
 
+# Decrypt Mail Passwords
+# Loop through all .gpg files in assets/mail-passwords/
+# Skip if destination already exists, decrypt if missing
+echo "→ checking mail passwords..."
+if [[ -d "$ENCRYPTED_PASSWORDS_DIR" ]]; then
+    for gpg_file in "$ENCRYPTED_PASSWORDS_DIR"/*.gpg; do
+        [[ -f "$gpg_file" ]] || continue  # Skip if no .gpg files
+
+        filename=$(basename "$gpg_file")
+        dest_file="$PASSWORD_DEST_DIR/${filename%.gpg}"  # Strip .gpg extension
+
+        if [[ -f "$dest_file" ]]; then
+            echo "  ✓ $dest_file already exists, skipping"
+        else
+            echo "  → decrypting $filename..."
+            if gpg -q -d "$gpg_file" > "$dest_file" 2>/dev/null; then
+                chmod 600 "$dest_file"
+                echo "  ✓ created $dest_file"
+            else
+                echo "  ✗ failed to decrypt $filename"
+                rm -f "$dest_file"  # Clean up partial file
+                exit 1
+            fi
+        fi
+    done
+else
+    echo "  ⚠ encrypted passwords directory not found: $ENCRYPTED_PASSWORDS_DIR"
+fi
+
 # Check All Prerequisites
 [[ -x "$MBSYNC"   ]] || { echo "ERROR: mbsync not found. Install 'isync'."; exit 1; }
 [[ -x "$MU"       ]] || { echo "ERROR: mu not found. Install 'mu'."; exit 1; }
-- 
cgit v1.2.3