encryption stuff

.git-crypt/.gitattributes

@@ -0,0 +1,4 @@
+# Do not edit this file.  To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary

nix/home-manager/no-gui.nix

@@ -178,22 +178,13 @@
   };
 
   age.secrets.gnupg = {
-    file = ./secrets/gnupg.age;
+    file = ./secrets/my-gpg.age;
-    path = "${homeDirectory}/.secrets/gnupg.tar";
+    path = "${homeDirectory}/.secrets/my-gpg.asc";
   };
 
-  home.activation.extractGnuPG =
+  home.activation.extractGnuPG = ''
-    let
+    ${pkgs.gnupg}/bin/gpg --import ${config.age.secrets.gnupg.path}
-      gnupg_dir = "${homeDirectory}/.gnupg";
+  '';
-    in
-    ''
-      #!/bin/sh
-      rm -fr ${gnupg_dir} || true
-      mkdir -p ${gnupg_dir}
-      ${pkgs.gnutar}/bin/tar xf ${config.age.secrets.gnupg.path} -C ${gnupg_dir}
-      find ${gnupg_dir} -type f -exec chmod 600 {} \;
-      find ${gnupg_dir} -type d -exec chmod 700 {} \;
-    '';
 
   #fish shell!
   programs.fish = import ./progs/fish.nix { inherit pkgs; };

nix/home-manager/secrets/secrets.nix

@@ -13,6 +13,6 @@ in
     [
       "server-password.age"
       "borg-laptop-password.age"
-      "gnupg.age"
+      "my-gpg.age"
     ]
 ))