From 4e014f836776e09c7fe6a01e9e78edbccfd5b21f Mon Sep 17 00:00:00 2001 From: Ben Kreeger Date: Wed, 2 Jul 2025 22:36:08 -0500 Subject: [PATCH] Add changes for k8s, gnupg (part 1) --- .gitignore | 7 +++++ gnupg/dirmngr.conf | 1 + gnupg/gpg-agent.conf | 13 ++++++++ gnupg/gpg.conf | 70 ++++++++++++++++++++++++++++++++++++++++++++ gnupg/sshcontrol | 15 ++++++++++ setup.sh | 2 +- zed/settings.json | 1 + zsh/zshrc | 1 + 8 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 gnupg/dirmngr.conf create mode 100644 gnupg/gpg-agent.conf create mode 100644 gnupg/gpg.conf create mode 100644 gnupg/sshcontrol
diff --git a/.gitignore b/.gitignore
index d888f64..67cb996 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,9 @@
+# tmux plugin cache
 tmux/plugins/*
 !tmux/plugins/tpm
+
+# gnupg
+gnupg/*
+!gnupg/*.conf
+!gnupg/sshcontrol
+
diff --git a/gnupg/dirmngr.conf b/gnupg/dirmngr.conf
new file mode 100644
index 0000000..1411414
--- /dev/null
+++ b/gnupg/dirmngr.conf
@@ -0,0 +1 @@
+keyserver hkps://keys.openpgp.org
diff --git a/gnupg/gpg-agent.conf b/gnupg/gpg-agent.conf
new file mode 100644
index 0000000..1b2acad
--- /dev/null
+++ b/gnupg/gpg-agent.conf
@@ -0,0 +1,13 @@
+# https://github.com/drduh/config/blob/main/gpg-agent.conf
+# https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html
+enable-ssh-support
+ttyname $GPG_TTY
+default-cache-ttl 60
+max-cache-ttl 120
+pinentry-program /usr/bin/pinentry-curses
+#pinentry-program /usr/bin/pinentry-gnome3
+#pinentry-program /usr/bin/pinentry-tty
+#pinentry-program /usr/bin/pinentry-x11
+#pinentry-program /usr/local/bin/pinentry-curses
+# pinent-program /usr/local/bin/pinentry-mac
+pinentry-program /opt/homebrew/bin/pinentry-mac
diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
new file mode 100644
index 0000000..855f420
--- /dev/null
+++ b/gnupg/gpg.conf
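Review bot: The `gnupg/*` / `!gnupg/*.conf` / `!gnupg/sshcontrol` rules at the end of the hunk are the only thing keeping the secret half of a GNUPGHOME (`private-keys-v1.d/`, `pubring.kbx`, `trustdb.gpg`, the `S.gpg-agent*` sockets) out of a repository that this same commit symlinks into `~/.config` and points `GNUPGHOME` at, and nothing says so where the rule lives. The `*.conf` negation is also broader than the three files being added: a `git add -f`, or a file GnuPG writes itself (2.3+ can drop a `common.conf` into a fresh home directory), would be tracked without anyone choosing to. I would state the intent in the comment, `# gnupg: GNUPGHOME lives here — only our own config is tracked; keyrings, trustdb, private-keys-v1.d/ and sockets must never be committed`, and list the tracked files by name (`!gnupg/gpg.conf`, `!gnupg/gpg-agent.conf`, `!gnupg/dirmngr.conf`) instead of the glob.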
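Review bot: `pinentry-program` is set twice as an active option in this hunk, `/usr/bin/pinentry-curses` and, on the last line, `/opt/homebrew/bin/pinentry-mac`; gpg-agent keeps the last value it parses, so the curses entry is dead, and on a Linux host where the Homebrew path does not exist the agent has no usable pinentry and every passphrase and card-PIN prompt fails. Keep a single active line and comment the other out, or have setup.sh select the line per platform. `ttyname $GPG_TTY` also looks inert as far as I can tell: gpg-agent.conf is not a shell file, so the value is the literal string `$GPG_TTY` rather than a terminal, and the real tty reaches the agent per connection from the exported `GPG_TTY` variable; confirm with `gpg-agent --gpgconf-test` and drop the line if it adds nothing. A short `# last pinentry-program wins; keep exactly one uncommented per host` above the pinentry lines would prevent the next copy-paste from reintroducing the duplicate.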
@@ -0,0 +1,70 @@
+# https://github.com/drduh/config/blob/main/gpg.conf
+# https://www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html
+# 'gpg --version' to get capabilities
+# Use AES256, 192, or 128 as cipher
+personal-cipher-preferences AES256 AES192 AES
+# Use SHA512, 384, or 256 as digest
+personal-digest-preferences SHA512 SHA384 SHA256
+# Use ZLIB, BZIP2, ZIP, or no compression
+personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
+# Default preferences for new keys
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
+# SHA512 as digest to sign keys
+cert-digest-algo SHA512
+# SHA512 as digest for symmetric ops
+s2k-digest-algo SHA512
+# AES256 as cipher for symmetric ops
+s2k-cipher-algo AES256
+# UTF-8 support for compatibility
+charset utf-8
+# No comments in messages
+no-comments
+# No version in output
+no-emit-version
+# Disable banner
+no-greeting
+# Long key id format
+keyid-format 0xlong
+# Display UID validity
+list-options show-uid-validity
+verify-options show-uid-validity
+# Display all keys and their fingerprints
+with-fingerprint
+# Display key origins and updates
+#with-key-origin
+# Cross-certify subkeys are present and valid
+require-cross-certification
+# Enforce memory locking to avoid accidentally swapping GPG memory to disk
+require-secmem
+# Disable caching of passphrase for symmetrical ops
+no-symkey-cache
+# Output ASCII instead of binary
+armor
+# Enable smartcard
+use-agent
+# Disable recipient key ID in messages (WARNING: breaks Mailvelope)
+throw-keyids
+# Default key ID to use (helpful with throw-keyids)
+#default-key 0xFF00000000000001
+#trusted-key 0xFF00000000000001
+# Group recipient keys (preferred ID last)
+#group keygroup = 0xFF00000000000003 0xFF00000000000002 0xFF00000000000001
+# Keyserver URL
+#keyserver hkps://keys.openpgp.org
+#keyserver hkps://keys.mailvelope.com
+#keyserver hkps://keyserver.ubuntu.com:443
+#keyserver hkps://pgpkeys.eu
+#keyserver hkps://pgp.circl.lu
+#keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
+# Keyserver proxy
+#keyserver-options http-proxy=http://127.0.0.1:8118
+#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
+# Enable key retrieval using WKD and DANE
+#auto-key-locate wkd,dane,local
+#auto-key-retrieve
+# Trust delegation mechanism
+#trust-model tofu+pgp
+# Show expired subkeys
+#list-options show-unusable-subkeys
+# Verbose output
+#verbose
diff --git a/gnupg/sshcontrol b/gnupg/sshcontrol
new file mode 100644
index 0000000..d8b9981
--- /dev/null
+++ b/gnupg/sshcontrol
@@ -0,0 +1,15 @@
+# List of allowed ssh keys. Only keys present in this file are used
+# in the SSH protocol. The ssh-add tool may add new entries to this
+# file to enable them; you may also add them manually. Comment
+# lines, like this one, as well as empty lines are ignored. Lines do
+# have a certain length limit but this is not serious limitation as
+# the format of the entries is fixed and checked by gpg-agent. A
+# non-comment line starts with optional white spaces, followed by the
+# keygrip of the key given as 40 hex digits, optionally followed by a
+# caching TTL in seconds, and another optional field for arbitrary
+# flags. Prepend the keygrip with an '!' mark to disable it.
+
+# Ed25519 key added on: 2025-06-25 13:19:49
+# Fingerprints: MD5:fa:dd:77:ed:5b:b8:4b:f5:86:c9:28:fe:75:4d:33:4c
+# SHA256:IySx4YGOxmVOMHnJqNvLdy+vuaBE4KqR1zlapSyFbA0
+61B8FC9F096AE88D04C2EBA74AF0325D80E0C4D2 0
diff --git a/setup.sh b/setup.sh
index d12dbfa..c5561d3 100755
--- a/setup.sh
+++ b/setup.sh
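Review bot: The comment `# Enable smartcard` above `use-agent` is wrong: `use-agent` has nothing to do with smartcards and is documented as obsolete and ignored since GnuPG 2.1, where the agent is always used; either drop the pair or reword it to `# Obsolete since GnuPG 2.1 (agent is always used); kept only for gpg 1.x`. The rest reads as a sound hardening set — `require-secmem`, `no-symkey-cache`, `require-cross-certification`, and `auto-key-retrieve` left commented out so verifying a signature never triggers a network fetch. One caveat worth adding next to `throw-keyids` beyond the Mailvelope warning: with hidden recipients gpg has to try each available secret key on decryption, which on a smartcard can mean repeated PIN prompts. Every `keyserver` line here is commented out and the live setting sits in `dirmngr.conf`, which is the right place for GnuPG 2.1+; a one-line `# keyserver is configured in dirmngr.conf` would save the next reader the search.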
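Review bot: The trailing `0` on the keygrip line is not "no caching": a TTL of 0 in sshcontrol makes gpg-agent fall back to its SSH default, `default-cache-ttl-ssh` (1800 s, bounded by `max-cache-ttl-ssh` 7200 s) unless those are set, so this SSH key stays unlocked far longer than the 60/120 s configured for OpenPGP keys in gpg-agent.conf. If a short window is the intent, set `default-cache-ttl-ssh 60` and `max-cache-ttl-ssh 120` in gpg-agent.conf or write an explicit TTL here. Consider the `confirm` flag as well, `61B8FC9F096AE88D04C2EBA74AF0325D80E0C4D2 0 confirm`, which makes the agent ask via pinentry before the key is used, so a forwarded or hijacked agent socket cannot sign silently. The keygrip and the MD5/SHA256 fingerprints identify the public key only, so committing this file is fine.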
@@ -14,7 +14,7 @@ if [[ ! -a "$HOME/.zshrc" ]]; then fi # Symlink directories to $XDG_CONFIG_HOME. -directories=("gem" "ghostty" "git" "k9s" "lazygit" "nvim" "starship" "tmux" "zed") +directories=("gem" "ghostty" "git" "gnupg" "k9s" "lazygit" "nvim" "starship" "tmux" "zed") for directory in "${directories[@]}"; do if [[ -d "$XDG_CONFIG_HOME/$directory" ]]; then continue; fi ln -sfv "$SCRIPTPATH/$directory" "$XDG_CONFIG_HOME/$directory" diff --git a/zed/settings.json b/zed/settings.json index f22db6c..ee17c1f 100644 --- a/zed/settings.json +++ b/zed/settings.json @@ -7,6 +7,7 @@ // custom settings, run `zed: open default settings` from the // command palette (cmd-shift-p / ctrl-shift-p) { + "vim_mode": true, "features": { "edit_prediction_provider": "zed" }, diff --git a/zsh/zshrc b/zsh/zshrc index ff216b3..b72ce53 100644 --- a/zsh/zshrc +++ b/zsh/zshrc @@ -100,6 +100,7 @@ export GOBIN=$GOPATH/bin export PATH=~/bin:$GOBIN:$PATH export XDG_CONFIG_HOME=$HOME/.config export TALOSCONFIG=$XDG_CONFIG_HOME/talos/config.yaml +export GNUPGHOME=$XDG_CONFIG_HOME/gnupg kubeconfig=( $XDG_CONFIG_HOME/kube/k8s-dev.yaml $XDG_CONFIG_HOME/kube/k8s.yaml
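Review bot: Adding `gnupg` to `directories` makes `$SCRIPTPATH/gnupg` the real GNUPGHOME behind the symlink, but nothing sets its mode; a fresh clone presumably leaves it at the umask default (typically 755), which gpg reports as `unsafe permissions on homedir` and which leaves the keyrings and trustdb that gpg-agent will create there readable by other local users. After the loop (its `done` is outside this hunk) add `chmod 700 "$SCRIPTPATH/gnupg"`, or run it in the loop body when `$directory` is `gnupg`. Note also that the `-d` check is satisfied by a pre-existing real `~/.config/gnupg`, in which case the `continue` silently keeps that directory and none of the committed config applies; a `printf 'skipping %s: already exists\n' "$directory" >&2` before the `continue` would make that visible.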
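Review bot: `export GNUPGHOME=$XDG_CONFIG_HOME/gnupg` changes which agent instance and keyring every later gpg call uses, but nothing in this hunk wires the SSH side that `enable-ssh-support` in gnupg/gpg-agent.conf depends on; unless it is done elsewhere in zshrc, add `export GPG_TTY=$(tty)` and `export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` next to it so pinentry has a terminal and ssh talks to gpg-agent rather than the system agent. An agent already running against `~/.gnupg` keeps serving that home until it is restarted, so after changing GNUPGHOME run `gpgconf --kill gpg-agent` once to avoid confusing "no secret key" errors. The `kubeconfig=(` array that closes the hunk continues beyond it.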