Add changes for k8s, gnupg (part 1)

.gitignore

@@ -1,2 +1,9 @@
+# tmux plugin cache
 tmux/plugins/*
 !tmux/plugins/tpm
+
+# gnupg
+gnupg/*
+!gnupg/*.conf
+!gnupg/sshcontrol
+

gnupg/dirmngr.conf

@@ -0,0 +1 @@
+keyserver hkps://keys.openpgp.org

gnupg/gpg-agent.conf

@@ -0,0 +1,13 @@
+# https://github.com/drduh/config/blob/main/gpg-agent.conf
+# https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html
+enable-ssh-support
+ttyname $GPG_TTY
+default-cache-ttl 60
+max-cache-ttl 120
+pinentry-program /usr/bin/pinentry-curses
+#pinentry-program /usr/bin/pinentry-gnome3
+#pinentry-program /usr/bin/pinentry-tty
+#pinentry-program /usr/bin/pinentry-x11
+#pinentry-program /usr/local/bin/pinentry-curses
+# pinent-program /usr/local/bin/pinentry-mac
+pinentry-program /opt/homebrew/bin/pinentry-mac

gnupg/gpg.conf

@@ -0,0 +1,70 @@
+# https://github.com/drduh/config/blob/main/gpg.conf
+# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html
+# 'gpg --version' to get capabilities
+# Use AES256, 192, or 128 as cipher
+personal-cipher-preferences AES256 AES192 AES
+# Use SHA512, 384, or 256 as digest
+personal-digest-preferences SHA512 SHA384 SHA256
+# Use ZLIB, BZIP2, ZIP, or no compression
+personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+# Default preferences for new keys
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+# SHA512 as digest to sign keys
+cert-digest-algo SHA512
+# SHA512 as digest for symmetric ops
+s2k-digest-algo SHA512
+# AES256 as cipher for symmetric ops
+s2k-cipher-algo AES256
+# UTF-8 support for compatibility
+charset utf-8
+# No comments in messages
+no-comments
+# No version in output
+no-emit-version
+# Disable banner
+no-greeting
+# Long key id format
+keyid-format 0xlong
+# Display UID validity
+list-options show-uid-validity
+verify-options show-uid-validity
+# Display all keys and their fingerprints
+with-fingerprint
+# Display key origins and updates
+#with-key-origin
+# Cross-certify subkeys are present and valid
+require-cross-certification
+# Enforce memory locking to avoid accidentally swapping GPG memory to disk
+require-secmem
+# Disable caching of passphrase for symmetrical ops
+no-symkey-cache
+# Output ASCII instead of binary
+armor
+# Enable smartcard
+use-agent
+# Disable recipient key ID in messages (WARNING: breaks Mailvelope)
+throw-keyids
+# Default key ID to use (helpful with throw-keyids)
+#default-key 0xFF00000000000001
+#trusted-key 0xFF00000000000001
+# Group recipient keys (preferred ID last)
+#group keygroup = 0xFF00000000000003 0xFF00000000000002 0xFF00000000000001
+# Keyserver URL
+#keyserver hkps://keys.openpgp.org
+#keyserver hkps://keys.mailvelope.com
+#keyserver hkps://keyserver.ubuntu.com:443
+#keyserver hkps://pgpkeys.eu
+#keyserver hkps://pgp.circl.lu
+#keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
+# Keyserver proxy
+#keyserver-options http-proxy=http://127.0.0.1:8118
+#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
+# Enable key retrieval using WKD and DANE
+#auto-key-locate wkd,dane,local
+#auto-key-retrieve
+# Trust delegation mechanism
+#trust-model tofu+pgp
+# Show expired subkeys
+#list-options show-unusable-subkeys
+# Verbose output
+#verbose

gnupg/sshcontrol

@@ -0,0 +1,15 @@
+# List of allowed ssh keys.  Only keys present in this file are used
+# in the SSH protocol.  The ssh-add tool may add new entries to this
+# file to enable them; you may also add them manually.  Comment
+# lines, like this one, as well as empty lines are ignored.  Lines do
+# have a certain length limit but this is not serious limitation as
+# the format of the entries is fixed and checked by gpg-agent. A
+# non-comment line starts with optional white spaces, followed by the
+# keygrip of the key given as 40 hex digits, optionally followed by a
+# caching TTL in seconds, and another optional field for arbitrary
+# flags.   Prepend the keygrip with an '!' mark to disable it.
+
+# Ed25519 key added on: 2025-06-25 13:19:49
+# Fingerprints:  MD5:fa:dd:77:ed:5b:b8:4b:f5:86:c9:28:fe:75:4d:33:4c
+#                SHA256:IySx4YGOxmVOMHnJqNvLdy+vuaBE4KqR1zlapSyFbA0
+61B8FC9F096AE88D04C2EBA74AF0325D80E0C4D2 0

setup.sh

@@ -14,7 +14,7 @@ if [[ ! -a "$HOME/.zshrc" ]]; then
 fi
 
 # Symlink directories to $XDG_CONFIG_HOME.
-directories=("gem" "ghostty" "git" "k9s" "lazygit" "nvim" "starship" "tmux" "zed")
+directories=("gem" "ghostty" "git" "gnupg" "k9s" "lazygit" "nvim" "starship" "tmux" "zed")
 for directory in "${directories[@]}"; do
     if [[ -d "$XDG_CONFIG_HOME/$directory" ]]; then continue; fi
     ln -sfv "$SCRIPTPATH/$directory" "$XDG_CONFIG_HOME/$directory"

zed/settings.json

@@ -7,6 +7,7 @@
 // custom settings, run `zed: open default settings` from the
 // command palette (cmd-shift-p / ctrl-shift-p)
 {
+  "vim_mode": true,
   "features": {
     "edit_prediction_provider": "zed"
   },

zsh/zshrc

@@ -100,6 +100,7 @@ export GOBIN=$GOPATH/bin
 export PATH=~/bin:$GOBIN:$PATH
 export XDG_CONFIG_HOME=$HOME/.config
 export TALOSCONFIG=$XDG_CONFIG_HOME/talos/config.yaml
+export GNUPGHOME=$XDG_CONFIG_HOME/gnupg
 kubeconfig=(
     $XDG_CONFIG_HOME/kube/k8s-dev.yaml
     $XDG_CONFIG_HOME/kube/k8s.yaml