Fix omp zai.key encryption: use proper chezmoi 'encrypted_' attribute

The previous approach (private_dot_omp/agent/zai.key.age + manual re-encryption) didn't work because: 1. The 'private_' prefix is for files NOT to push to remote, not for encrypted files. The 'encrypted_' prefix is what chezmoi recognizes as an encryption marker. 2. The encrypted file needs to be at dot_<path>/encrypted_<name>.age so chezmoi can both decrypt on apply AND strip the .age suffix to write the destination file as <name> (without .age). Also fix chezmoi age config to actually decrypt non-interactively: - Add useBuiltinAge: false to force external age binary - Add age.command: /usr/bin/age (absolute path) so PATH issues don't matter in non-interactive SSH contexts The encrypted file is at dot_omp/agent/encrypted_zai.key.age, decrypts to ~/.omp/agent/zai.key on apply. Encrypted to all 6 recipients (recovery + miche + byte + kaiser + rye + crouton). Tested on miche: - chezmoi apply: rc=0 - live zai.key: 50 bytes (correct content) - decrypts with miche per-machine key - would decrypt on other boxes with their respective keys
2026-06-22 00:44:51 -04:00 · 2026-06-22 00:44:51 -04:00 · 07dbe83f52
commit 07dbe83f52
parent 2b06a60d00
5 changed files with 28 additions and 18 deletions
--- a/private_dot_omp/agent/config.yml
+++ b/private_dot_omp/agent/config.yml
@ -1,65 +0,0 @@
-providers: 
-  webSearch: searxng
-searxng: 
-  endpoint: http://kaiser.local:8800
-symbolPreset: nerd
-theme: 
-  dark: dark-gruvbox
-  light: light
-setupVersion: 1
-modelRoles: 
-  default: minimax-code/MiniMax-M3:high
-  task: llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
-  smol: llama-swap.miche/qwen3.6-35b-a3b-mtp-rocmfp4
-  plan: zai-coding/glm-5.2:xhigh
-  slow: minimax-code/MiniMax-M3:high
-  vision: llama-swap.miche/gemma4-12b
-retry: 
-  fallbackChains: 
-    default: 
-      - zai-coding/glm-5.2
-      - minimax-code/MiniMax-M3
-      - deepseek/deepseek-v4-pro
-      - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
-      - llama-swap.byte/qwen3.6-27b-mtp
-    task: 
-      - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
-      - llama-swap.byte/qwen3.6-27b-mtp
-      - zai-coding/glm-5.2
-      - minimax-code/MiniMax-M3
-    smol: 
-      - llama-swap.miche/qwen3.6-35b-a3b-mtp-rocmfp4
-      - llama-swap.byte/qwen3.6-35b-a3b-mtp
-      - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
-      - zai-coding/glm-5.2
-      - minimax-code/MiniMax-M3
-    plan: 
-      - zai-coding/glm-5.2:xhigh
-      - minimax-code/minimax-code:xhigh
-      - deepseek/deepseek-v4-pro:xhigh
-      - llama-swap.miche/step-3.7-flash:high
-    slow: 
-      - zai-coding/glm-5.2
-      - minimax-code/minimax-code
-      - deepseek/deepseek-v4-pro
-      - llama-swap.miche/step-3.7-flash
-    vision: 
-      - llama-swap.miche/gemma4-12b
-      - llama-swap.byte/gemma-4-12b-heretic
-      - llama-swap.miche/qwen3.6-27b-mtp-rocmfp4-turbo
-tools: 
-  approvalMode: yolo
-memory: 
-  backend: "off"
-github: 
-  enabled: true
-statusLine: 
-  preset: default
-  separator: powerline
-  transparent: true
-tui: 
-  textSizing: false
-defaultThinkingLevel: high
-personality: pragmatic
-hideThinkingBlock: true
-readLineNumbers: true