Update dotfiles/.config/age/run_once_before_decrypt-private-key.sh.tmpl, dotfiles/.config/age/expect, dotfiles/.local/share/chezmoi/home/.chezmoiignore, dotfiles/.local/share/chezmoi/.chezmoiignore

dotfiles/.config/age/expect

@@ -0,0 +1,11 @@
+#!/usr/bin/expect
+# TODO: https://github.com/hyperupcall/dots/tree/8e62ad19f4fa870bd70b1816d383bc32e9b6d149/dotmgr
+# https://www.chezmoi.io/user-guide/frequently-asked-questions/encryption/#how-do-i-configure-chezmoi-to-encrypt-files-but-only-request-a-passphrase-the-first-time-chezmoi-init-is-run
+# Figure out way of not writing AGE_PASSPHRASE to disk - keep in mem
+
+spawn ./test.bash
+expect "Enter passphrase*"
+send -- "{{ .Env.AGE_PASSPHRASE }}\r"
+expect "Confirm passphrase*"
+send -- "{{ .Env.AGE_PASSPHRASE }}\r"
+expect eof

dotfiles/.config/age/run_once_before_decrypt-private-key.sh.tmpl

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ ! -f "$HOME/.config/age/headless.txt" ]; then
+  logg 'Generating age public key under `~/.config/age/key.txt`'
+  age-keygen > "$HOME/.config/age/headless.txt"
+fi
+
+if [ ! -f "$HOME/.config/age/key.txt" ]; then
+    age --decrypt --output "$HOME/.config/age/key.txt" "{{ .chezmoi.sourceDir }}/key.txt.age"
+    chmod 600 "${HOME}/key.txt"
+fi

dotfiles/.local/share/chezmoi/.chezmoiignore

@@ -0,0 +1 @@
+key.txt.age

dotfiles/.local/share/chezmoi/home/.chezmoiignore

@@ -1,3 +1,4 @@
+key.txt.age
 .chezmoiscripts/**/*
 !.chezmoiscripts/{{ .host.distro.id }}/**/*