diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes new file mode 100644 index 0000000..665b10e --- /dev/null +++ b/.git-crypt/.gitattributes @@ -0,0 +1,4 @@ +# Do not edit this file. To specify the files to encrypt, create your own +# .gitattributes file in the directory where your files are. +* !filter !diff +*.gpg binary diff --git a/.git-crypt/keys/default/0/AF6A8929FDBAD915B69065400908F4B4DB72C73D.gpg b/.git-crypt/keys/default/0/AF6A8929FDBAD915B69065400908F4B4DB72C73D.gpg new file mode 100644 index 0000000..52c4ede Binary files /dev/null and b/.git-crypt/keys/default/0/AF6A8929FDBAD915B69065400908F4B4DB72C73D.gpg differ diff --git a/.git-crypt/keys/default/0/B4B6203BEFAB54034918F2E0A68297986D710740.gpg b/.git-crypt/keys/default/0/B4B6203BEFAB54034918F2E0A68297986D710740.gpg new file mode 100644 index 0000000..74a5df9 Binary files /dev/null and b/.git-crypt/keys/default/0/B4B6203BEFAB54034918F2E0A68297986D710740.gpg differ diff --git a/.git-crypt/keys/default/0/BED465025664C2BF8209F1E5073C16CD71F334CC.gpg b/.git-crypt/keys/default/0/BED465025664C2BF8209F1E5073C16CD71F334CC.gpg new file mode 100644 index 0000000..5095b2f Binary files /dev/null and b/.git-crypt/keys/default/0/BED465025664C2BF8209F1E5073C16CD71F334CC.gpg differ diff --git a/.git-crypt/keys/default/0/F1F3466458452B2DF351F1E864D12BA95ACE1F2D.gpg b/.git-crypt/keys/default/0/F1F3466458452B2DF351F1E864D12BA95ACE1F2D.gpg new file mode 100644 index 0000000..d35bb40 Binary files /dev/null and b/.git-crypt/keys/default/0/F1F3466458452B2DF351F1E864D12BA95ACE1F2D.gpg differ diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..a47d6ed --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +**/*.key filter=git-crypt diff=git-crypt diff --git a/flake.nix b/flake.nix index 708ffac..5e301c6 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,9 @@ just age sops + git + git-crypt + gnupg ]; }; }; diff --git a/system/keys/desktop/ssh.pub.key b/system/keys/desktop/ssh.pub.key index 4604ca9..ffbc68a 100644 Binary files a/system/keys/desktop/ssh.pub.key and b/system/keys/desktop/ssh.pub.key differ diff --git a/user/home.nix b/user/home.nix index 6b93564..ebf57f0 100644 --- a/user/home.nix +++ b/user/home.nix @@ -5,7 +5,6 @@ let pass-audit pass-otp pass-update - pass-tomb ]); in diff --git a/user/keys/age/README.md b/user/keys/age/README.md deleted file mode 100644 index 92284a8..0000000 --- a/user/keys/age/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Age Keys - -yubikey.pub.key - Cold storage backup for age encryption diff --git a/user/keys/age/yubikey.pub.key b/user/keys/age/yubikey.pub.key index 559bc52..026c9a8 100644 Binary files a/user/keys/age/yubikey.pub.key and b/user/keys/age/yubikey.pub.key differ diff --git a/user/keys/pgp/README.md b/user/keys/pgp/README.md deleted file mode 100644 index 50fb051..0000000 --- a/user/keys/pgp/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# PGP Keys - -yubikey.pub.key - -work.pub.key -> bryan.ramos@concurrent-rt.com -ccur.pub.key -> ? diff --git a/user/keys/pgp/ccur.pub.key b/user/keys/pgp/ccur.pub.key deleted file mode 100755 index 3ddf45c..0000000 --- a/user/keys/pgp/ccur.pub.key +++ /dev/null @@ -1,53 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQINBGM8ZXIBEADD3ZTfTFYRtkgH4Mtjy5sxe3Z+3xqxtZFQUg1dFuvPHdQFrNCB -hbmEnMeyDC2FK92OLnYdnfO+evRg4V3AJSl0dyBM1m9bgSuuIw7b9ni3yYVbh4zg -BK0Dcj6E+zGrGMsPje08O+NdOh5pJLfY2Xra9LBGteN7Ck+NnDAwBhE4/0tdm5Y3 -bjvKyq3HelpTYLQFiwi2lFCXMEEUeGM3bAUWUEXZn5g8FbFm9Y9KMKivHsNvSFnd -7U3WZg9K1uDMV8+xA/+nxd7CqI03oafxEUlW48a0Z1nowzEbG22OOw0I78FtrqTj -PSKBlIJHYBEF/x0UMfeJnbnR89jJZihPzLRCpSzuMiX4NF39S1nnmpjcn+vwgngE -NIxPBXh4fOdBzvplgS/iaS/wxkoMcXgRe4qMVp/jQzE19XzxUkHcWFxUeG4L0gDJ -77STrDDpIBExkd2EAz1AtxRfuW1PD94uHex3ar41GfU088sYO1pmzwEl5h9ep/Zr -oHLfwb61h85V4+5tw+cFzOa1iA/Rgh/qOCVKrU/A9aibxDh1/x54wo7nwkCuIbjA -W/3wiNiQn9a/GRBoIoSwdpdd90RAxINhXiVqhzkCtQskeCrOiWyZRdHTOQnV6GDH -/s5EaPj4o4v1NpbBh+y4QMtJXk+rpV3ncyBJpBIWwswCXZhVqB6FFRy7uwARAQAB -tExDb25jdXJyZW50IFJlYWwtVGltZSBTb2Z0d2FyZSBTdXBwb3J0IChSVzlSS1lH -QSkgPHN1cHBvcnRAY29uY3VycmVudC1ydC5jb20+iQI+BBMBCAAoBQJjPGVyAhsD -BQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDcXtpJfTtL0m3hEACZ -P9QRj4I9puaXweAiaq1WHDztTBO0Xoi7D+7NlfQiZQ1bONdRN5tYQTCZighcXelQ -Zsjtz/rDrVykBC2r3dG5X81gDTZx9WwGhFu/MuaUnU1Df9LUIAi5FliypqRV/NtH -MyeaOATlpgEBkVBe2fcoCSIqrUJXdW2Cu38w+AJce4IuaUSJeWDiumcW5SvwpdiT -2qsKhbdyjdb2ayRipimEWsaNUDkxz3e6kvz1npgyk5CaLo82yzVMBGxAGfWrJqYr -TZOFm4UG1ObZCP8gq33LKOzB45UZP5lNE+5Cr68MC6tUF5s/Cai8BiskP+gWiDJQ -LPenKDjaf4H11s98/Dfw86DwKY2zfDXTkJ6nQXjqvnZYsovjeFJVXx9jjBh3i98W -5/VwogbWfwpbnRt/rtDq1MglqvHsL9QjA9CSaHRdy0hy2JmZ9S2msFrMR/DrKfcO -kCr8ciLilxvyCpaYUjRmH38w29YUW6JIImPtBlt4QpYiw9cLsU9RGLZ+nu40AFiC -rzo8xiYO6kXEk5znFRy5JzmiFu5QouhMpeVXXEnBZCt5j+A9DkzwlNShHl3UgWfg -xatllI0FUJsJpIKqQq1jkPdC+fZliN2dDKiVgTmz0VvFwZRCxMz30yhsX1ZhtPGx -U2Z/3xIyOE+OEp2iPnCD4fhBnOc6t39rOX7jhSqim7kCDQRjPGVyARAA2zN8zwUa -i8dkeUYxQDjQxhSZsTsE7VGvL5gGRZhJ8whFNxCcjya9xPbGNnsXh8Zp9MM6Ji7a -1OZt9qzOH3Corgp2KA2ascLLpby5OAnIR5fULfqh5XR6byH/X59myrV88mifGCmM -anEjK+Tw5KybaBEHkNE2G2aUzjrYAMsfQnnHgYT8jUN1LkXqHVftX/0dwrhOcCqJ -YjLP9Vp4gZEz/Y5PQEjaEG3U0YCtaBBmnekBZ8bozO0og5/zbnX+IsY1F0QBsCmZ -+cVSuheWhFIJTBK2jyF8mHzAauOtYHHJQYyRsXNuxt5uqYj1it2Hag2jw7+q+ZDx -7FzqcKyxvT+usczHH5QhtzZpWrgZE+Po/2gmEg7Qz/c1I4Hy7DtOVv7ql8kluGpM -NM3cQYivZ4LD7Qsbnfj72muCD5W+T2c044y8WGE0U7GVTQw2ej6eLXutizlzNTmu -eW1r1OvcLXQUH5Ck2DC8HOauoCRPpRZeP+OQuiJax0VFqGdC1s99TCYow15OKWeE -HYCLIhAqz1oKq/4p92HPEV33kx7cGVPBXagw/KZKFlKTVbhHZxWQQDYkTrh/Fx5p -197U4XUG5qxTmMo03uJeppAyufmfpuHX7JVkHfZfXx1ZJdsXKlMahT3z7GhkJgjm -mPaoUroDS0Ddvs7qzYMprPJpiI3V78Q5lakAEQEAAYkCJQQYAQgADwUCYzxlcgIb -DAUJCWYBgAAKCRDcXtpJfTtL0g5SD/9A8fGzmOpnO7u3zKsER5GPxHVuwc4NRDVa -UIEvTrmfR1DSgrIJR4jQ1I4rGeoZ/7kUaYd6l1b5Apj8zp+Z04l0+nlIKvdd97Mg -Sb4kVuyyeUQN2d83ETBcZQC31061bnjH/W3+j5ojDqvjxPFJ7bz/AmVbi0s9MElc -c9h+jJ8LtK24yNQ6ribq+7X4YY7G87eeCkXY+Rdv96V1aaNNortZHQPNAMQRDrK8 -sH2nsyfEifyyf3RGmnhrfvVkpPZvBrtoSZStdHqpbD8NRuZgmHFN2EUE210SgSU0 -/W2eGDb/VGgAd7Cfh/qncYZWPxRwcnmkAu+bbdeFiyVoCSMzNKY0+6Ub0B7xmCsH -V144cNW01HAOkv/RtFyUIzpY0RhV1SaJ5XqFFNnWpcYjYR5l2YJACvS39nD1Yd+S -+vCDTddpK1okCfk1oXRN7vUYPBjF7Suu+/Kets9FBGoypK+4L2WlC36XYIpBXohB -r/tMoQhcoq73sp04IG3k1+Am5yiCbDMU3+1UhT/m5tL3o02by0c60RMHU/T6vfE8 -qj3FjF7Qy37xoWmPCrWkpwPscG+WDogupBc3RpxGP9ET8Th+HJM0IpQLoKeDYl5I -9z/kRFbY243tkJ1r65TMfa5My9J9ZdP22ZcOR2ql5z2IT7dvuteupaD82ojSXPzJ -uWsnbjV0Rg== -=56r2 ------END PGP PUBLIC KEY BLOCK----- diff --git a/user/keys/pgp/company.pub.key b/user/keys/pgp/company.pub.key new file mode 100755 index 0000000..6b4030a Binary files /dev/null and b/user/keys/pgp/company.pub.key differ diff --git a/user/keys/pgp/work.pub.key b/user/keys/pgp/work.pub.key index 31e14fb..722f959 100755 Binary files a/user/keys/pgp/work.pub.key and b/user/keys/pgp/work.pub.key differ diff --git a/user/keys/pgp/yubikey.pub.key b/user/keys/pgp/yubikey.pub.key index a15a521..56c1b13 100644 Binary files a/user/keys/pgp/yubikey.pub.key and b/user/keys/pgp/yubikey.pub.key differ diff --git a/user/keys/ssh/README.md b/user/keys/ssh/README.md deleted file mode 100644 index 2ebbe16..0000000 --- a/user/keys/ssh/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# SSH Keys - -yubikey.pub.key -> PGP derived from `pgp.yubikey.pub.key` -work.pub.key - ? -graphone.pub.key -> For Android `pass` diff --git a/user/keys/ssh/graphone.pub.key b/user/keys/ssh/graphone.pub.key index d07e510..55e8f1b 100644 Binary files a/user/keys/ssh/graphone.pub.key and b/user/keys/ssh/graphone.pub.key differ diff --git a/user/keys/ssh/work.pub.key b/user/keys/ssh/work.pub.key index c4b3a55..3d61b38 100644 Binary files a/user/keys/ssh/work.pub.key and b/user/keys/ssh/work.pub.key differ diff --git a/user/keys/ssh/yubikey.pub.key b/user/keys/ssh/yubikey.pub.key index a840349..217a8e3 100644 Binary files a/user/keys/ssh/yubikey.pub.key and b/user/keys/ssh/yubikey.pub.key differ diff --git a/user/modules/security/gpg/default.nix b/user/modules/security/gpg/default.nix index 244eee1..bc3734a 100644 --- a/user/modules/security/gpg/default.nix +++ b/user/modules/security/gpg/default.nix @@ -28,7 +28,7 @@ in trust = 5; } { - text = "${config.user.keys.pgp.ccur}"; + text = "${config.user.keys.pgp.company}"; trust = 5; } ];