From 7cd312b744a4785430c013625d6617754fb063cd Mon Sep 17 00:00:00 2001
From: Dave Gallant <davegallant@gmail.com>
Date: Sun, 13 Mar 2022 03:37:50 -0400
Subject: [PATCH] Add git-crypt

---
 .gitattributes      |   1 +
 .gitignore          |   1 +
 README.md           |   4 ++++
 common/packages.nix |   1 +
 flake.lock          |  48 ++++++++++++++++++++++----------------------
 home/.aws/config    | Bin 0 -> 970 bytes
 home/default.nix    |   2 ++
 7 files changed, 33 insertions(+), 24 deletions(-)
 create mode 100644 .gitattributes
 create mode 100755 home/.aws/config

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..d16b304
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+**/.aws/** filter=git-crypt diff=git-crypt
diff --git a/.gitignore b/.gitignore
index 328fa96..289866c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .pre-commit-config.yaml
 result
+git-crypt-key
diff --git a/README.md b/README.md
index d100a78..f8134bc 100644
--- a/README.md
+++ b/README.md
@@ -30,3 +30,7 @@ If there are updates, they should be reflected in [flake.lock](./flake.lock).
 ## Pre-commit hooks
 
 Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.
+
+## Encryption
+
+Overly sensitive configuration is encrypted with [git-crypt](https://www.agwa.name/projects/git-crypt/).
diff --git a/common/packages.nix b/common/packages.nix
index c4d8a46..fb16e96 100644
--- a/common/packages.nix
+++ b/common/packages.nix
@@ -109,6 +109,7 @@ in
         dnsutils
         gping
         iperf
+        networkmanager-openvpn
         nmap
         openssl
         openvpn
diff --git a/flake.lock b/flake.lock
index 8c63166..49af64b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1645293039,
-        "narHash": "sha256-PwdDu+SkX8dreeuJ/4av1sEluNZdrpdXv8JsRKKg1Yc=",
+        "lastModified": 1647173930,
+        "narHash": "sha256-8oca3Pc68VrCp8HeOtHmzs5g0rdQnPO9beDEEZJ02W0=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "1df878b6f8351795a3bebfbe4fd2d02e1e8b29d6",
+        "rev": "17fbc68a6110edbff67e55f7450230a697ecb17e",
         "type": "github"
       },
       "original": {
@@ -38,11 +38,11 @@
     },
     "flake-utils": {
       "locked": {
-        "lastModified": 1629481132,
-        "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
+        "lastModified": 1644229661,
+        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "997f7efcb746a9c140ce1f13c72263189225f482",
+        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
         "type": "github"
       },
       "original": {
@@ -58,11 +58,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1646559628,
-        "narHash": "sha256-WDoqxH/IPTV8CkI15wwzvXYgXq9UPr8xd8WKziuaynw=",
+        "lastModified": 1647199655,
+        "narHash": "sha256-vUSLikZNUEYQI5vz/vOVabB/l5DAIrmplPqfQGd+yO8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "afe96e7433c513bf82375d41473c57d1f66b4e68",
+        "rev": "da92196a95c3aeaa6e8336be2864ef02245ad730",
         "type": "github"
       },
       "original": {
@@ -81,11 +81,11 @@
       },
       "locked": {
         "dir": "contrib",
-        "lastModified": 1646510521,
-        "narHash": "sha256-VSHLQPk19BKSTpT09IuDs4E7T4TNlNTpv42KrGiiNz0=",
+        "lastModified": 1647152497,
+        "narHash": "sha256-KNqAdyM0DQPSqb/low6Py9eUBQjfga0KAHAF6naMd7Y=",
         "owner": "neovim",
         "repo": "neovim",
-        "rev": "8ed9c84481a7d0df0708d11ffa538f832591240f",
+        "rev": "c9b94188d5f96349566372e8a0ce94e14fd6b549",
         "type": "github"
       },
       "original": {
@@ -102,11 +102,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1646554432,
-        "narHash": "sha256-FOFDqZweiT+X92dljiIFn+SqP6WsNz6/gj9Putt+f/o=",
+        "lastModified": 1647159229,
+        "narHash": "sha256-aGawpstqvThlV5OWqCAFIFBc8apYvMT/Qwig111coSo=",
         "owner": "nix-community",
         "repo": "neovim-nightly-overlay",
-        "rev": "a7383d577ed8f4c4e77102cf0b8199146ba5d17d",
+        "rev": "4cf0e4a5738fb247f191a35c7c3900c4f06caca3",
         "type": "github"
       },
       "original": {
@@ -117,11 +117,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1646398322,
-        "narHash": "sha256-p+WCAOoJLc4R6x60pLYYqAiq30PlDUYJMrXqQ3rkBCg=",
+        "lastModified": 1646825982,
+        "narHash": "sha256-uWvS4UFkdE4Iqk1pXhxkZqPsqI+Z2V9VRmLxGUFejbY=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "a7bca8d0d8188ae9802ecc467150cf018e19b958",
+        "rev": "816a935bf5aa5f77cb1f03ebfe20ab13b112d0f1",
         "type": "github"
       },
       "original": {
@@ -133,11 +133,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1646254136,
-        "narHash": "sha256-8nQx02tTzgYO21BP/dy5BCRopE8OwE8Drsw98j+Qoaw=",
+        "lastModified": 1646939531,
+        "narHash": "sha256-bxOjVqcsccCNm+jSmEh/bm0tqfE3SdjwS+p+FZja3ho=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "3e072546ea98db00c2364b81491b893673267827",
+        "rev": "fcd48a5a0693f016a5c370460d0c2a8243b882dc",
         "type": "github"
       },
       "original": {
@@ -149,11 +149,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1646254136,
-        "narHash": "sha256-8nQx02tTzgYO21BP/dy5BCRopE8OwE8Drsw98j+Qoaw=",
+        "lastModified": 1646939531,
+        "narHash": "sha256-bxOjVqcsccCNm+jSmEh/bm0tqfE3SdjwS+p+FZja3ho=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3e072546ea98db00c2364b81491b893673267827",
+        "rev": "fcd48a5a0693f016a5c370460d0c2a8243b882dc",
         "type": "github"
       },
       "original": {
diff --git a/home/.aws/config b/home/.aws/config
new file mode 100755
index 0000000000000000000000000000000000000000..9884e393ed298da62bc1ccb2e7089ae139a05bf2
GIT binary patch
literal 970
zcmV;*12y~rM@dveQdv+`0Q|o{zBz$<czn(at4TFH@gNgH79JhXspeGBJTkw62M)P_
z<oSoj+|Yg&<iH=2e3W(k<Q4MUECA6YOwJynsyMMDxXo~F4zj6OExc_22nD4!cDPE!
zv>+1p&B(NiM+nLvJ)r}lJ9Gt!)?U~E5zJ4R307c)_N5~wwb>SoCra(2$x@;`Zmel6
zR@(3L5emBv)>Nil@!=jQB%Z@M0_>Dm_6JDc8qPa%h;ztC^t#<&JJVLvM?hgJs5h5l
zT|rFaX{K=3?-!v=G5TVcORcoqbD!m1tc_Phcp~X}e>$ca1~v7}Q+fPkt0h4u-|8o^
zM_;}Tc|##WjK-{;V||7@f<V<|cb(jYQcRJtj*sIAAV2d4x$7twj;_4jLm5U+CPLb2
zOS>;1RXX}I7^tgv^$p={HP(3RCUkHIhve?P6hjxnwA-YUJxMQ`d|IbL%S5xoPXE@{
z%d(zv(UMM?rN&SLCvuNQ&X=lfaiwSXiIFLM?w_JzB9U!VZ=7I-ZT@}hn`5#j%506&
zm=Ng3Pc1lm3_;1j1=n_x4z8^{W<lejIyN)y;BmL4I%Qr$lmk68J6c&qWh$v2F)@EO
zs-`l!K`$q?fhp`6;nTpQ4G?QBiac8O^)K(?rV72`^9a4B_F{`F{naKiM){JdxP)oC
zuXl0pfOoDQ-V%8}jp{ex$Nq%mrucHH{7b(4wprz0H)~b^BL~d2l5<$aC-OX&LOCBm
z`6!kV*K-{()ktm3;MQfG3<JGQ3_0fAdBKs{i~s&b-8a<L=PnK|jB*N-a?G}m!#_td
z{<_FQ@+1zoIw9I=rJUKZP1^p92^tphNS9SShCUCLK-YIOzz0I8`&W$v9XA`)uk<hG
zj6pRHjN0^mSU_YFd<@=9D-gb8&wiO9b6ikdX4CVPC;k4^uAPDlZysEfd%Y}&3+(iN
z&Sxzu;<`jvJX`!gkgo~=-r*`}FjhC+3I=&47Br4n`hS0h2&kum^Ic#kzyBAXI<^Ql
zwc&eXrkR4#B)0nE7GGPfkQIz2KwT3(<q6W;2fEwM4cV2s??h>3sthP7!0#{|AHkvd
zj}}@p22r2{6{~=9WHMLo85FOxAEKh~YL3XE(;Wv|2yaMWtryg=uliRTlylIA49Vh7
zuJiTQ{U)MM9P5;vZzH=UMk);}_S(8z?OM}5&;HB}xD3G45%UcpO4`NWe6lbS(PtVH
sp)wvONY<T~85d5r?#$yM{ex<=`_wt$%#=xP)U7BWfMUW4X$Sk2ro^t+KL7v#

literal 0
HcmV?d00001

diff --git a/home/default.nix b/home/default.nix
index 2769676..1bee777 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -357,4 +357,6 @@ in
   home.file.".config/nvim/lua".source = ./nvim/lua;
   home.file.".config/srv".source = ./srv;
 
+  home.file."..aws/config".source = ./.aws/config;
+
 }