install: cleanup key and secrets handling

.gitattributes

@@ -1,3 +1,3 @@
 secrets/** filter=git-crypt diff=git-crypt
-usb-secrets/usb-secrets/usb-secrets-key filter=git-crypt diff=git-crypt
+usb-secrets/usb-secrets-key* filter=git-crypt diff=git-crypt
 

install.sh

@@ -30,12 +30,12 @@ trap cleanup EXIT
 
 # Decrypt secureboot keys using the key in the repo
 echo "Decrypting secureboot keys..."
-if [[ ! -f "$FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key" ]]; then
+if [[ ! -f "$FLAKE_DIR/usb-secrets/usb-secrets-key" ]]; then
-    echo "Error: usb-secrets-key not found at $FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key"
+    echo "Error: usb-secrets-key not found at $FLAKE_DIR/usb-secrets/usb-secrets-key"
     exit 1
 fi
 
-nix-shell -p age --run "age -d -i '$FLAKE_DIR/usb-secrets/usb-secrets/usb-secrets-key' '$FLAKE_DIR/secrets/secureboot.tar.age'" | \
+nix-shell -p age --run "age -d -i '$FLAKE_DIR/usb-secrets/usb-secrets-key' '$FLAKE_DIR/secrets/secureboot.tar.age'" | \
     tar -x -C /tmp/secureboot
 
 echo "Secureboot keys extracted"
@@ -56,4 +56,4 @@ sudo $DISKO_INSTALL \
     --flake "$FLAKE_DIR#muffin" \
     --disk main "$DISK" \
     --extra-files /tmp/secureboot /etc/secureboot \
-    --extra-files "$FLAKE_DIR/usb-secrets/usb-secrets" /mnt/usb-secrets
+    --extra-files "$FLAKE_DIR/usb-secrets/usb-secrets-key" /mnt/usb-secrets/usb-secrets-key

usb-secrets/usb-secrets/usb-secrets-key.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8+eSX2LH5wEHVG9sSv97ceD5zdTarV0lRvoUso4A7p USB secrets decryption key