Fix omp zai.key encryption: use proper chezmoi 'encrypted_' attribute

The previous approach (private_dot_omp/agent/zai.key.age + manual re-encryption) didn't work because: 1. The 'private_' prefix is for files NOT to push to remote, not for encrypted files. The 'encrypted_' prefix is what chezmoi recognizes as an encryption marker. 2. The encrypted file needs to be at dot_<path>/encrypted_<name>.age so chezmoi can both decrypt on apply AND strip the .age suffix to write the destination file as <name> (without .age). Also fix chezmoi age config to actually decrypt non-interactively: - Add useBuiltinAge: false to force external age binary - Add age.command: /usr/bin/age (absolute path) so PATH issues don't matter in non-interactive SSH contexts The encrypted file is at dot_omp/agent/encrypted_zai.key.age, decrypts to ~/.omp/agent/zai.key on apply. Encrypted to all 6 recipients (recovery + miche + byte + kaiser + rye + crouton). Tested on miche: - chezmoi apply: rc=0 - live zai.key: 50 bytes (correct content) - decrypts with miche per-machine key - would decrypt on other boxes with their respective keys
2026-06-22 00:44:51 -04:00 · 2026-06-22 00:44:51 -04:00 · 07dbe83f52
commit 07dbe83f52
parent 2b06a60d00
5 changed files with 28 additions and 18 deletions
--- a/dot_omp/agent/config.yml
+++ b/dot_omp/agent/config.yml
@ -0,0 +1,65 @@
+providers: 
+  webSearch: searxng
+searxng: 
+  endpoint: http://kaiser.local:8800
+symbolPreset: nerd
+theme: 
+  dark: dark-gruvbox
+  light: light
+setupVersion: 1
+modelRoles: 
+  default: minimax-code/MiniMax-M3:high
+  task: llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
+  smol: llama-swap.miche/qwen3.6-35b-a3b-mtp-rocmfp4
+  plan: zai-coding/glm-5.2:xhigh
+  slow: minimax-code/MiniMax-M3:high
+  vision: llama-swap.miche/gemma4-12b
+retry: 
+  fallbackChains: 
+    default: 
+      - zai-coding/glm-5.2
+      - minimax-code/MiniMax-M3
+      - deepseek/deepseek-v4-pro
+      - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
+      - llama-swap.byte/qwen3.6-27b-mtp
+    task: 
+      - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
+      - llama-swap.byte/qwen3.6-27b-mtp
+      - zai-coding/glm-5.2
+      - minimax-code/MiniMax-M3
+    smol: 
+      - llama-swap.miche/qwen3.6-35b-a3b-mtp-rocmfp4
+      - llama-swap.byte/qwen3.6-35b-a3b-mtp
+      - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
+      - zai-coding/glm-5.2
+      - minimax-code/MiniMax-M3
+    plan: 
+      - zai-coding/glm-5.2:xhigh
+      - minimax-code/minimax-code:xhigh
+      - deepseek/deepseek-v4-pro:xhigh
+      - llama-swap.miche/step-3.7-flash:high
+    slow: 
+      - zai-coding/glm-5.2
+      - minimax-code/minimax-code
+      - deepseek/deepseek-v4-pro
+      - llama-swap.miche/step-3.7-flash
+    vision: 
+      - llama-swap.miche/gemma4-12b
+      - llama-swap.byte/gemma-4-12b-heretic
+      - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
+tools: 
+  approvalMode: yolo
+memory: 
+  backend: "off"
+github: 
+  enabled: true
+statusLine: 
+  preset: default
+  separator: powerline
+  transparent: true
+tui: 
+  textSizing: false
+defaultThinkingLevel: high
+personality: pragmatic
+hideThinkingBlock: true
+readLineNumbers: true