rain/gnu-plus-dotfiles
rain/gnu-plus-dotfiles
1
0
Fork 0
Code Wiki Activity

Add bun + pi-coding-agent + oh-my-pi to bootstrap; age encryption

Browse source 
Three parts:

1. .chezmoi.yaml.tmpl: reworked age config block
   - recipients moved under 'age:' key (correct structure per chezmoi docs)
   - identity: ~/.config/chezmoi/key.txt
   - recipients list with recovery key + miche per-machine key
   - recovery key pubkey: age1yyq42ctqwp5s5yd64week3aav9getk3p8aeyr5n5454d0v59a4dsjljsgs
   - miche pubkey: age1eja7trs8mmsgf0qga0h5fsdltaryxgk4ksumshar5xxtdx0exy3q0a5hc5
   - placeholders for byte/kaiser/rye/crouton (TODO: generate per-box keys
     and add when bootstrapping those boxes)

2. private_dot_omp/agent/: omp/oh-my-pi config from byte
   - config.yml (1.7KB) — model roles, fallback chains, theme, tools
   - mcp.json (351B) — firecrawl MCP server config
   - zai.key.age (540B) — zai-coding provider API key, age-encrypted to
     recovery + miche recipients. Decrypts to live ~/.omp/agent/zai.key
     on apply.

3. run_once_20: install bun + pi-coding-agent on both OSes
   - arch: bun from pacman (now in [extra])
   - debian: bun via curl-install to ~/.local (not in apt)
   - both: bun add -g @oh-my-pi/pi-coding-agent → omp binary in ~/.bun/bin
   - .zshrc.tmpl already adds ~/.bun/bin to PATH

To onboard a new box:
  1. ssh into the box
  2. age-keygen -o ~/.config/chezmoi/key.txt
  3. paste the public key into .chezmoi.yaml.tmpl recipients
  4. chezmoi age rekey   # rewrites *.age files to include new recipient
  5. commit + push
  6. chezmoi init --apply  # decrypts and writes zai.key live
This commit is contained in:
Rain 2026-06-22 00:10:34 -04:00
parent 6160efeb23
commit dc72dc3a9a
5 changed files with 156 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
private_dot_omp/agent/zai.key.age Normal file
View file

@ -0,0 +1,10 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZWhIcnM5cDBjeXNsSFJD
YmNrVXEyRitzcHpIUms0S281SElvNzBFMG40CkI0ck1MRlk1c0pxWnpwc3ZxTEFR
UVJCbk5TWFluZXpzUGlNVEk4alNXWE0KLT4gWDI1NTE5IEVBV2tkS3pyS3lITWdV
U0JuaTExTjFqbElUQ0FzTTlNUVEzZVVOdlFFRzQKc3c3WXBtQVR4NitoZXYveDZL
aFNtWng2WFBSVE5QSTg4VngwVVFiVUxFOAotLS0gaHlYRTROc3BTWS9IYVVNZlhy
aWZvbThPZm94MG41Nk9kZGNTKzlZM3FMRQo8aM6b1YkAxYJLXq+49I2LazKrOF6U
vUpLSW9ArUFQZuCYjexGzGpJXEjWjpbjOv6nV7LZAIN+brCNYLV2SEHp2Gq+Uny8
ljyD+SUwXgVerdzP
-----END AGE ENCRYPTED FILE-----