From bc55d4203fb1f225a8267bc4e11e7afb8e502860 Mon Sep 17 00:00:00 2001
From: Simon Gardling
Date: Thu, 20 Nov 2025 21:02:33 -0500
Subject: [PATCH] install: cleanup key and secrets handling
---
 .gitattributes | 2 +-
 install.sh | 8 ++++----
 usb-secrets/{usb-secrets => }/usb-secrets-key | Bin
 usb-secrets/usb-secrets/usb-secrets-key.pub | 1 -
 4 files changed, 5 insertions(+), 6 deletions(-)
 rename usb-secrets/{usb-secrets => }/usb-secrets-key (100%)
 delete mode 100644 usb-secrets/usb-secrets/usb-secrets-key.pub
diff --git a/.gitattributes b/.gitattributes
index b1c9c58..c41bb62 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,3 @@
 secrets/** filter=git-crypt diff=git-crypt
-usb-secrets/usb-secrets/usb-secrets-key filter=git-crypt diff=git-crypt
+usb-secrets/usb-secrets-key* filter=git-crypt diff=git-crypt
diff --git a/install.sh b/install.sh
index 66f5bd4..4ce0ac2 100755
--- a/install.sh
+++ b/install.sh
@@ -30,12 +30,12 @@ trap cleanup EXIT
 # Decrypt secureboot keys using the key in the repo
 echo "Decrypting secureboot keys..."
-if [[ ! -f "$FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key" ]]; then
- echo "Error: usb-secrets-key not found at $FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key"
+if [[ ! -f "$FLAKE_DIR/usb-secrets/usb-secrets-key" ]]; then
+ echo "Error: usb-secrets-key not found at $FLAKE_DIR/usb-secrets/usb-secrets-key"
 exit 1
 fi
-nix-shell -p age --run "age -d -i '$FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key' '$FLAKE_DIR/secrets/secureboot.tar.age'" | \
+nix-shell -p age --run "age -d -i '$FLAKE_DIR/usb-secrets/usb-secrets-key' '$FLAKE_DIR/secrets/secureboot.tar.age'" | \
 tar -x -C /tmp/secureboot
 echo "Secureboot keys extracted"
@@ -56,4 +56,4 @@ sudo $DISKO_INSTALL \
 --flake "$FLAKE_DIR#muffin" \
 --disk main "$DISK" \
 --extra-files /tmp/secureboot /etc/secureboot \
- --extra-files "$FLAKE_DIR/usb-secrets/usb-secrets" /mnt/usb-secrets
+ --extra-files "$FLAKE_DIR/usb-secrets/usb-secrets-key" /mnt/usb-secrets/usb-secrets-key
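Review bot: Nothing in `.gitattributes` records that the `usb-secrets/usb-secrets-key*` rule must be in effect before the key is staged at its new path, which is what keeps the private key from being committed in the clear. The rename later in this patch is listed at 100% similarity, so the blob should be the one that was already encrypted, but that is worth confirming with `git-crypt status` after the move. I would add a comment above the rule such as `# age identity used by install.sh; must stay git-crypt encrypted, check with git-crypt status`. The trailing `*` also matches any future `usb-secrets-key.pub`; that is harmless, and the comment can say so if it is intended.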
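Review bot: The `-f` test on `usb-secrets-key` only proves that a file exists, and on a clone that has not been unlocked the file at that path is still git-crypt ciphertext, so the check passes and `age -d` fails later with a less helpful error. A guard after the existence check would catch that, for example `if head -c 10 "$FLAKE_DIR/usb-secrets/usb-secrets-key" | grep -qa GITCRYPT; then echo "Error: repository is git-crypt locked" >&2; exit 1; fi`. The shell options are set outside this hunk; if `pipefail` is not among them, the pipeline's status is that of `tar` alone and a failed `age` goes unnoticed, so `set -o pipefail` belongs before the pipeline. The same locked file would also be what the `--extra-files` line in the `@@ -56,4` hunk copies to the target.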
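Review bot: The key copied by the last `--extra-files` line is the private age identity, and nothing visible here establishes which owner and mode it has once it lands at `/mnt/usb-secrets/usb-secrets-key` on the target. It is worth confirming after an install that the file is root-owned and not group- or world-readable, and recording that expectation next to the option, e.g. `# private age identity; must be 0600 root:root on the target`. A shell comment cannot sit between the backslash-continued lines, so it would go above the `sudo $DISKO_INSTALL` command, which starts outside this hunk.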
diff --git a/usb-secrets/usb-secrets/usb-secrets-key b/usb-secrets/usb-secrets-key
similarity index 100%
rename from usb-secrets/usb-secrets/usb-secrets-key
rename to usb-secrets/usb-secrets-key
diff --git a/usb-secrets/usb-secrets/usb-secrets-key.pub b/usb-secrets/usb-secrets/usb-secrets-key.pub
deleted file mode 100644
index f6df05a..0000000
--- a/usb-secrets/usb-secrets/usb-secrets-key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8+eSX2LH5wEHVG9sSv97ceD5zdTarV0lRvoUso4A7p USB secrets decryption key