phase 5: git-crypt re-init + re-encrypt secrets/ under new unified key
- .gitattributes declares secrets/** covered by git-crypt filter
- New symmetric key at $HOME/.nixos-git-crypt.key (chmod 400, not committed)
- All 36 files under secrets/ re-encrypted via the clean filter on 'git add':
  - 5 files in secrets/desktop/ (wifi, secureboot, disk pw, cache netrc, hash)
  - 3 files in secrets/home/ (hm api keys + steam id)
  - 26 files in secrets/server/ (.age + .nix + .tar + livekit_keys)
  - 2 files in secrets/usb-secrets/ (agenix identity)

'git-crypt status' confirms 36 encrypted, 150 non-encrypted.

Old git-crypt keys from the two subtree-merged repos are in the historical subtree commits (pre-Phase 2). To decrypt pre-unify history one still needs the old GPG-encrypted keys, which survive at: ~/nixos-migration-aux-*.tar.gz
1
.gitattributes
vendored
Normal file
@@ -0,0 +1 @@
secrets/** filter=git-crypt diff=git-crypt
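Review bot: the `secrets/**` pattern on the single added line has no exclusion for git's own metadata files, so a `.gitattributes` or `.gitignore` later placed anywhere under secrets/ would be encrypted along with the secrets, which the git-crypt documentation advises against. Consider following the rule with `secrets/**/.gitattributes !filter !diff` (and the same for `.gitignore`). A short comment above the rule stating that the key is kept outside the repository would also help a reader of a locked clone understand why the files appear as binary blobs. Because the filter only applies to files staged after this rule exists, it is worth keeping the `git-crypt status` check from the commit message as a recurring step whenever files are added under secrets/.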
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.