chore: moves ssh key into secrets

Signed-off-by: Menno van Leeuwen <menno@vleeuwen.me>

.gitignore

@@ -9,6 +9,7 @@ secrets/ssh_config/*.*
 !secrets/ssh_config/*.gpg
 secrets/*.*
 !secrets/*.gpg
+secrets/id_ed25519
 
 # SHA256 hashes of the encrypted secrets
 *.sha256

.vscode/settings.json

@@ -0,0 +1,10 @@
+{
+    "files.exclude": {
+        "**/.git": true,
+        "**/.svn": true,
+        "**/.hg": true,
+        "**/CVS": true,
+        "**/.DS_Store": true,
+        "**/*.sha256": true,
+    }
+}

.zshrc

@@ -82,8 +82,7 @@ fi
 
 # Alias for ssh.exe and ssh-add.exe on Windows WSL (microsoft-standard-WSL2)
 if [[ $(uname -a) == *"microsoft-standard-WSL2"* ]]; then
-    alias ssh='ssh.exe'
-    alias ssh-add='ssh-add.exe'
+    alias op='op.exe'
 fi
 
 ######################

bin/actions/secrets.sh

@@ -8,11 +8,18 @@ source $HOME/dotfiles/bin/helpers/functions.sh
 printfe "%s\n" "cyan" "Fetching password from 1Password..."
 echo -en '\r'
 
-output=$(op item get "SSH Config Secrets" --fields password)
+# if WSL alias op to op.exe
+if [[ $(uname -a) == *"microsoft-standard-WSL2"* ]]; then
+    alias op="op.exe"
+else
+    alias op="op"
+fi
+
+output=$(op item get "Dotfiles Secrets" --fields password)
 
 # Check if the password was found
 if [[ -z "$output" ]]; then
-    printfe "%s\n" "red" "Password not found in 1Password, add a login item with the name 'SSH Config Secrets' and give it a password."
+    printfe "%s\n" "red" "Password not found in 1Password, add a login item with the name 'Dotfiles Secrets' and give it a password."
     exit 1
 fi
 

bin/actions/update.sh

@@ -72,11 +72,18 @@ ensure_symlink() {
   desired_chmod=$(shyaml get-value "config.symlinks.$1.chmod" < "$HOME/dotfiles/config/config.yaml" 2>/dev/null)
 
   if [ -n "$desired_chmod" ]; then
-    # Check if the current source file has the correct chmod
-    current_chmod=$(stat -c %a "$source") # Check permissions of source file, since that's what chmod affects.
+    # Resolve the target if it is a symlink
+    resolved_target=$(readlink -f "$target")
+    
+    # If readlink fails, fall back to the original target
+    if [ -z "$resolved_target" ]; then
+      resolved_target="$target"
+    fi
+
+    current_chmod=$(stat -c %a "$resolved_target")
     if [ "$current_chmod" != "$desired_chmod" ]; then
-      printfe "%s\n" "yellow" "    - Changing chmod of $source to $desired_chmod"
-      chmod "$desired_chmod" "$source"
+      printfe "%s\n" "yellow" "    - Changing chmod of $resolved_target to $desired_chmod"
+      chmod "$desired_chmod" "$resolved_target"
     fi
   fi
 }

config/config.yaml

@@ -18,6 +18,16 @@ config:
       source: ~/dotfiles/config/ssh/config.d
       target: ~/.ssh/config.d
 
+    ssh_key:
+      source: ~/dotfiles/config/ssh/id_ed25519
+      target: ~/.ssh/id_ed25519
+      chmod: 600
+
+    ssh_key_public:
+      source: ~/dotfiles/config/ssh/id_ed25519.pub
+      target: ~/.ssh/id_ed25519.pub
+      chmod: 644
+
     ssh_authorized_keys:
       sources:
         mennos-laptop: ~/dotfiles/config/ssh/authorized_keys/mennos-laptop

config/ssh/config

@@ -1,4 +1,4 @@
 Host *
-    IdentityAgent ~/.1password/agent.sock
+    IdentityFile ~/.ssh/id_ed25519
 
 Include ~/.ssh/config.d/*.conf

config/ssh/id_ed25519

@@ -0,0 +1 @@
+../../secrets/id_ed25519

config/ssh/id_ed25519.pub

@@ -0,0 +1 @@
+../../secrets/id_ed25519.pub

secrets/id_ed25519.gpg

@@ -0,0 +1,12 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMKPDKFRvBnrMb/0sB/AQtSElOwVPsRyq2XVqk1YPDlAvZXHfoYn9SWWxpH
+mBRWYvFsnEeL2Z1Wyo1/1GEgDtPmu51R7+RxUVjI//+rhBd1voc5IQyEQKlC76OZ
+oSGWEwvZaViAn+GN1lhWuiQLpopvSuTIwWkGItqpj7AgBX8st37NR7gdZSJO6LOa
+OTcOG0SVToERT+LI5UagbUuyFBS92kBYXGrc5FICC3/UQfwcCNlWlQyYDNy9qLRj
+fnOlVIf5I/LCDBkdVUdSD0fIRfZS7jQowLyeQphdvGcqoXo0TEt4mMAu/4pjoaYr
+A5f+ONjQ7sk14Xq3hDa5mlZYbMq3YKRwBK7zkpdu08M6q9fcnQbbof6CVGJ7lVsH
+tBILFJ13FrDHdpAToQ5UgiL7xxTRt5OlDAC6rnJGDjqSBKhkVUdu4hOL8q245Eyg
+pw==
+=9acB
+-----END PGP MESSAGE-----

secrets/id_ed25519.pub.gpg

@@ -0,0 +1,8 @@
+-----BEGIN PGP MESSAGE-----
+
+jA0ECQMK0ezWdMz6xLD/0ooBfJdyZpS6uaY8p8IrD/OxtAIFd4UW+kiTHfq3/NEY
+2RcHHNerdmvPnsp2GUusb6y69qOHo52xU4BWHGyS+hGEi3NL/jetOr/F5Gv6IfVm
+sYeQm54ouvGm94AGffkuhAIfGqBw5oNaw7OAORMUaPHAu7kEOJKZV0LngNcl0ZPd
+dAq/aI7hxiXgBl4=
+=kF4Z
+-----END PGP MESSAGE-----

secrets/openai_api_key.secret.gpg

@@ -1,9 +1,9 @@
 -----BEGIN PGP MESSAGE-----
 
-jA0ECQMChCr/0lQWsGj/0sAJAUQccs6SJlU1XhRzjrpbPgWq9pIG52CLvnSHcqbD
-J/1s+WsvgIaM92XWp69j664XotJu8otq61qTHOsSuHREhwHFT3HC0vIt5ermH5oX
-+bXG8TIDSqTfyex20T8mMg6PIw5hz1ZZV8Vq67nvq2CytWYueYmv6LlIlxNi6ONt
-jfbv5Ftv1gcUifgcGcexWSAmmuDv6INwyYuX80CUvWbqS7qNn99JdTGpkjX0RJh9
-I+v9GeVQd8Q96SnXYFaJqka4w3kJw52kfMR9
-=KM2n
+jA0ECQMKZqW47AwNV37/0sAIARJo/Z56SlQn2Y5a4DLSxU/44Ozu9582ZXXwcos6
+/Wy2aoWAlbqOC9zOXFgqelmJDx8XcZ/RQG85uYANGZhPBawicVbl4XQUdRWY/yBi
+GFiGAHB/glIDenFK7ZmZpF1tycXjSL+ImOJMpsavNuYwsPGZ1ZFG6+rJEWffj62t
+tHpFAEpTkVtk5T85sPN5I7+J+CTW0SOVFn5orqwRYLd0CAw6TFs9mNx7CfIEEpFc
+9BGBujJPP6L2XSVdJ8KKRbcJFxPJyjNcY9Y=
+=Q/Tc
 -----END PGP MESSAGE-----

secrets/ssh_config/dev.conf.gpg

@@ -1,12 +1,12 @@
 -----BEGIN PGP MESSAGE-----
 
-jA0ECQMC/BZPwenUT3//0sCTAcyr6I3ouNAZQcZEHcdwvclXPquROhJ2+ltir56y
-YiZqcCx3otz+3/yj5r2+BJoUC+DYy99lgTiQNnPuBFiOYwuU4LECA7dspyznJ+w2
-9mytPrTO7NT5+uP1BRFG6ExZ5mI9075cxoYxBiOBVVBb4LwH51XuJdGm7NW9mHZY
-obZ4OGd5rubDpEJv4dBOlNfk6wSQ99xWxZxstGZP2K4tO67FhiPK4ocBmzOwC64c
-RrYANhvY3SpbCYIC9boK2VhlH11ewgyUlIHlPiyfGaGUK47H+a+Vbk9ON7wN3mC+
-2CVm7oDlYPutiNldKbeMQ8SbESfnKh6pi+p8u8AsLfghrcv+p2kFjKMM5RvagQWF
-uszEPs81ClSPJiPv43XWH++KCo39LAhGfNI5avqu8PxEHnZ8Im75EiRNutoKMkT5
-sj8dbnOZGNsd9tQDrBi2HcW+GygD
-=wSKi
+jA0ECQMKuzIJHbvXgjP/0sCRAWhdAU3Ndtz6maPvcLzvwDY6Z+BwnZSSdOzwf/v7
+ECbK/bJ/2wof1xsZfGHVSMRohEItQtuA4kmAd6a+2lGDoub0OtF/a5BEiOZSIS9m
+HajMlOpMVA3AuZTcLGJeCbW/voLb1hzIJ+NzFKDTXTm/q8jWnJ0ehkSE0bBRq97l
+gcRi2V86XpMeISurPUDffzeJWFOrrwI1URS/eURJs5ilhSSCW2M1Tb1AATNsiFIC
+eatQrWYRBrC4Drfhh2ua25CO2kZ/SIztltIjIHHFtGdS6r4Mh7VEX1Ttn2e54nm0
+RrDXaEZvDTBN71RaLrz17JzBYZNsrFgXi5tzjBL2rT7riMWxFjfs9MiLyCA32aWI
+5m/p14wbLOl9oz/bAMkvqq319FlyDRwz/bewffm3bx7/gnwraX0Pc5qWU7B1YuQc
+fcrqlx7QOrhTmlyYF8AnvRCdoQ==
+=ay+/
 -----END PGP MESSAGE-----

secrets/ssh_config/personal.conf.gpg

@@ -1,8 +1,8 @@
 -----BEGIN PGP MESSAGE-----
 
-jA0ECQMCmC0rPUWX/tn/0qkBzO65r93OhVcOG4qaKCi50U3LA9fieZsyY3KYfKmG
-lLco4wW7PY7qr+wMcHNwjKBrjhWbwMTWpbz8o3IJaRaajPk5e2OxsG5bjWtFqnOB
-mnLKIyEnTOwYQ1CYdvxo9MRgT+AZMpIrYNMy2g6oJziNnzh/uxVkEUBuzdksTPMw
-M4b+Sy4xxKlyJeEyaD7YDUsJGFVteA5FiOJdx6DCHBWgY7oAqeFwvQT4
-=zUhH
+jA0ECQMKtrNPsE/Otib/0qkBudhpQbcpLTsBIu7a2F0YAhM1fh7P0ECnD89TRoBh
+7wwuejYgjrNcrBextGITUXfWx70OQ2hasAGvxV9XGWkQrUU2LX+osqFOnYq9xbAe
+X+SC5ONsXv9M7I3EIhLCvEgJJvKgZAMQE+81sFLhn7QOsd8FLqnPT64Q2Z9IJnbD
+sQg3TkVASiS4nPHKehLSu5W8764OEvuvG5e0gB+iC6OUlINNcFio/7DK
+=qEfc
 -----END PGP MESSAGE-----

secrets/ssh_config/prod.conf.gpg

@@ -1,12 +1,11 @@
 -----BEGIN PGP MESSAGE-----
 
-jA0ECQMCx2esGIzau6n/0sB/Aa4MHSP1t4qfExD+RQz1FTsd2i4B+IhsGx+A1AfX
-azLvOumMj/166N2Ubm69DLFnHSt37L0Ns5J9wySacbl8j6TulUU/LPslllCQOwvc
-jI8atawjgdCAJb6m5++DQ1pf8+3ZRBJTXypXz5CsM+54aFDPM+MctdoDft1Xldza
-jVU2fJRFVuizpBGd/Xka+VeWXFQn1Tsq/r5jEzJEBbxIC9CfdLh4dRJA+EwKQVAc
-pPL8bdDzwPdLPbnXza4fW2zI+A10xylEOk0rV0kVZ+jrEpF7Vqa4Pu+w7po2Uwuj
-LCfuD4RoOyUtwbC4DmjrrNIYzPYdrwe+Na9sRBKLXFyvMaFpugceUP7IPJx3DCeF
-WVYdf0YA6BEd3Yq2NXcPqpX4aUJByuuHIMydEFh+EktK17E2PF2ASl16Qm9/na/t
-UA==
-=AibO
+jA0ECQMKRKyQPUttWk//0sB+AVvOAApr+FJLU798l0p3a8OoWetUiisNq8AxR1Cd
+dieyTKBi/H/UYkDis3/5UOcUohJuSWoNExnwAkZ5iEApcst47V9/QMjP6dFqxW7G
+Nuv27GOTLTluK3/zETjD3I83VgXSV/GcLzoOsS0QWpj9oEAnBV6brDoL7IX1sjQH
+b41mg7dkOzwKqYoXWFXZQ8U0vP/xpQs46RiTvfJCwgKDdq3r6YrR6hqnbX5TcFx0
+2ds0cCVPfmdod+Jv3K62RTwjF2PC3fDeDxsLgPv/HeMSDbH6ZnknOb5H8FQd9Biw
+lsF5RREEekxaou/k1+T1WqMb/u6ZlX13MedSvZoDybkxyya1FBCD8Io1uHwgC0/Y
+vKyQRi1GaH42yvwqhdahpUCipqowlCy8IeAA3R94j6DDtZLdtdcaA9cosN0beRjR
+=DPFS
 -----END PGP MESSAGE-----