feat(dot): use git-crypt to encrypt my secrets.env

Author: folke

ansible/roles/packages/tasks/main.yml

@@ -80,6 +80,7 @@
       # dev
       - fnm-bin
       - git
+      - git-crypt
       - git-delta
       - github-cli
       - httpie

config/fish/conf.d/pve.fish

@@ -14,15 +14,7 @@ function pct_enter
     pve pct enter $id
 end
 
-function pve-ssh-copy-id -d "Copy the SSH public key to a Proxmox VM/LXC" -a name
-    set cid $argv[1]
-    echo "Copying SSH public key to $cid"
-
-    cat ~/.ssh/id_ed25519.pub |
-        ssh $node bash -c "pct exec $cid -- bash -c \"mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys\""
-end
-
-
 function win
+    test -z "$PVE_API_KEY"; and echo "PVE_API_KEY not set" and return 1
     cv4pve-pepper --api-token $PVE_API_KEY --host 10.0.0.10 --viewer (which remote-viewer) --vmid 106 --start-or-resume
 end

config/fish/conf.d/secrets.fish

@@ -0,0 +1,15 @@
+set -l secrets_file ~/.config/fish/secrets.env
+
+# Source secrets if available (git-crypt handles encryption/decryption automatically)
+if test -f $secrets_file
+    while read -l line
+        # Skip empty lines and comments
+        if test -n "$line"; and not string match -qr '^\s*#' -- $line
+            # Export the variable
+            set -l parts (string split -m 1 '=' -- $line)
+            if test (count $parts) -eq 2
+                set -gx $parts[1] $parts[2]
+            end
+        end
+    end <$secrets_file
+end

config/fish/secrets.env

@@ -7,6 +7,7 @@ adobe-source-han-sans-cn-fonts
 adobe-source-han-sans-jp-fonts
 adobe-source-han-sans-kr-fonts
 adw-gtk-theme
+age
 aider-chat-venv
 alacritty
 alsa-firmware
@@ -110,6 +111,7 @@ gammastep
 gedit
 ghostty
 git
+git-crypt
 git-delta
 github-cli
 glances
@@ -348,6 +350,7 @@ snapper
 snapshot
 socat
 sof-firmware
+sops
 speech-dispatcher
 spotify-launcher
 spotify-player