From bf2d5c98e4ce45df552e6d2daae0435c5a8cf7f8 Mon Sep 17 00:00:00 2001
From: Botond Hende <nettingman@gmail.com>
Date: Mon, 30 Jun 2025 23:48:29 +0200
Subject: gpg encryption with neovim

---
 home/.config/nvim/init.lua | 50 ++++++++++++++++++++++++++++++++++++++++++++++
 home/.gnupg/gpg-agent.conf |  2 ++
 2 files changed, 52 insertions(+)
 create mode 100644 home/.gnupg/gpg-agent.conf

(limited to 'home')

diff --git a/home/.config/nvim/init.lua b/home/.config/nvim/init.lua
index 7b434d8..d3ca6dc 100644
--- a/home/.config/nvim/init.lua
+++ b/home/.config/nvim/init.lua
@@ -17,3 +17,53 @@ end
 vim.keymap.set('', '<M-Up>', ':move-2<CR>', { silent = true })
 vim.keymap.set('', '<M-Down>', ':move+1<CR>', { silent = true })
 vim.keymap.set('t', '<Esc>', '<C-\\><C-n>', { silent = true })
+
+--auto decrypt/encrypt with gpg
+
+local gpgGroup = vim.api.nvim_create_augroup('customGpg', { clear = true })
+
+-- autocmds execute in the order in which they were defined.
+-- https://neovim.io/doc/user/autocmd.html#autocmd-define
+
+vim.api.nvim_create_autocmd({ 'BufReadPre', 'FileReadPre' }, {
+    pattern = '*.gpg',
+    group = gpgGroup,
+    callback = function ()
+        -- Make sure nothing is written to shada file while editing an encrypted file.
+        vim.opt_local.shada = nil
+        -- We don't want a swap file, as it writes unencrypted data to disk
+        vim.opt_local.swapfile = false
+        -- Switch to binary mode to read the encrypted file
+        vim.opt_local.bin = true
+
+        vim.cmd("let ch_save = &ch|set ch=2")
+    end
+})
+
+vim.api.nvim_create_autocmd({ 'BufReadPost', 'FileReadPost' }, {
+    pattern = '*.gpg',
+    group = gpgGroup,
+    callback = function ()
+        vim.cmd("'[,']!gpg --decrypt 2> /dev/null")
+
+        -- Switch to normal mode for editing
+        vim.opt_local.bin = false
+
+        vim.cmd('let &ch = ch_save|unlet ch_save')
+        vim.cmd(":doautocmd BufReadPost " .. vim.fn.expand("%:r"))
+    end
+})
+
+-- Convert all text to encrypted text before writing
+vim.api.nvim_create_autocmd({ 'BufWritePre', 'FileWritePre' }, {
+    pattern = '*.gpg',
+    group = gpgGroup,
+    command = "'[,']!gpg --default-recipient-self -ae 2>/dev/null",
+})
+-- Undo the encryption so we are back in the normal text, directly
+-- after the file has been written.
+vim.api.nvim_create_autocmd({ 'BufWritePost', 'FileWritePost' }, {
+    pattern = '*.gpg',
+    group = gpgGroup,
+    command = 'u'
+})
diff --git a/home/.gnupg/gpg-agent.conf b/home/.gnupg/gpg-agent.conf
new file mode 100644
index 0000000..263f2a7
--- /dev/null
+++ b/home/.gnupg/gpg-agent.conf
@@ -0,0 +1,2 @@
+default-cache-ttl 0
+max-cache-ttl 0
-- 
cgit v1.2.3-70-g09d2