1 files changed, 16 insertions, 6 deletions

diff --git a/config/nix.org b/config/nix.org
index da30b91..940c98f 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -1247,6 +1247,7 @@ This is my impermanence profile, which removes all files on reboot except for th
           ".mozilla"
           ".bitmonero"
           ".config"
+          ".crypto"
           { directory = ".gnupg"; mode = "0700"; }
           { directory = ".ssh"; mode = "0700"; }
           { directory = ".local/share/keyrings"; mode = "0700"; }
@@ -3509,6 +3510,7 @@ standard.
       };
 
       shellAliases = {
+        clone-secrets = "git clone ssh://\"$1\"/home/preston/secrets \"$HOME/secrets\"";
         get-channel-id = "yt-dlp --print \"%(channel_id)s\" --playlist-end 1 \"$1\"";
         se = "sops edit";
         f = "vim $(fzf)";
@@ -3616,7 +3618,8 @@ for these configurations.
         torsocks tor-browser
 
         # For transfering secrets onto new system
-        magic-wormhole
+        magic-wormhole stow
+
         # fonts
         nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-emoji fira-code font-awesome_6 victor-mono
         (aspellWithDicts
@@ -3679,6 +3682,14 @@ for these configurations.
   #!/bin/bash
   nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config $HOME/monorepo/nix/systems/spontaneity/hardware-configuration.nix --flake $HOME/monorepo/nix#spontaneity --target-host "$1"
           '')
+        (writeShellScriptBin "secrets"
+          ''
+  #!/bin/bash
+  cd "$HOME/secrets"
+  git pull # repo is over LAN
+  stow */ # manage secrets with gnu stow
+  cd "$HOME"
+          '')
       ] else [
         pfetch
 
@@ -3763,7 +3774,10 @@ This is pretty understandable, if you understand all the above.
     ];
     config = {
       monorepo = {
-        profiles.impermanence.enable = true;
+        profiles = {
+          impermanence.enable = true;
+          secureBoot = true;
+        };
         vars = {
           device = "/dev/sda";
           fileSystem = "btrfs";
@@ -3976,10 +3990,6 @@ This contains the installation script I use to install my systems.
     exit 1
   fi
 
-  gum style --border normal --margin "1" --padding "1 2" "Notice: if using full disk encryption, write to /tmp/secret.key first with your password."
-
-  sleep 3
-
   cd "$HOME"
 
   ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the installation..." || nmtui