diff --git a/.gitattributes b/.gitattributes index b1c9c58..c41bb62 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,3 @@ secrets/** filter=git-crypt diff=git-crypt -usb-secrets/usb-secrets/usb-secrets-key filter=git-crypt diff=git-crypt +usb-secrets/usb-secrets-key* filter=git-crypt diff=git-crypt diff --git a/install.sh b/install.sh index 66f5bd4..4ce0ac2 100755 --- a/install.sh +++ b/install.sh @@ -30,12 +30,12 @@ trap cleanup EXIT # Decrypt secureboot keys using the key in the repo echo "Decrypting secureboot keys..." -if [[ ! -f "$FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key" ]]; then - echo "Error: usb-secrets-key not found at $FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key" +if [[ ! -f "$FLAKE_DIR/usb-secrets/usb-secrets-key" ]]; then + echo "Error: usb-secrets-key not found at $FLAKE_DIR/usb-secrets/usb-secrets-key" exit 1 fi -nix-shell -p age --run "age -d -i '$FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key' '$FLAKE_DIR/secrets/secureboot.tar.age'" | \ +nix-shell -p age --run "age -d -i '$FLAKE_DIR/usb-secrets/usb-secrets-key' '$FLAKE_DIR/secrets/secureboot.tar.age'" | \ tar -x -C /tmp/secureboot echo "Secureboot keys extracted" @@ -56,4 +56,4 @@ sudo $DISKO_INSTALL \ --flake "$FLAKE_DIR#muffin" \ --disk main "$DISK" \ --extra-files /tmp/secureboot /etc/secureboot \ - --extra-files "$FLAKE_DIR/usb-secrets/usb-secrets" /mnt/usb-secrets + --extra-files "$FLAKE_DIR/usb-secrets/usb-secrets-key" /mnt/usb-secrets/usb-secrets-key diff --git a/usb-secrets/usb-secrets/usb-secrets-key b/usb-secrets/usb-secrets-key similarity index 100% rename from usb-secrets/usb-secrets/usb-secrets-key rename to usb-secrets/usb-secrets-key diff --git a/usb-secrets/usb-secrets/usb-secrets-key.pub b/usb-secrets/usb-secrets/usb-secrets-key.pub deleted file mode 100644 index f6df05a..0000000 --- a/usb-secrets/usb-secrets/usb-secrets-key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8+eSX2LH5wEHVG9sSv97ceD5zdTarV0lRvoUso4A7p USB secrets decryption key