SSH Key storage on IPA and Bugfix when Config is already existing #35

Merged
obel1x merged 2 commits from unbrot/fedora-OEMDRV:main into main 2026-06-17 15:44:31 +02:00

2 Commits

Author SHA1 Message Date
Daniel unbrot Pätzold 6fe96f82fd 0060_ssh_key: relocate ~/.ssh into encrypted data dir, generate non-interactively
Symlinks ~/.ssh to ${DECRYPTEDDATADIR}/ssh_keys (migrating any existing
content once) so the key lives in the gocryptfs-encrypted area instead
of the plain home directory. Also passes -N "" to ssh-keygen so key
generation no longer prompts for a passphrase.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-17 13:49:33 +02:00
Daniel unbrot Pätzold a708e4fa6e 0060_ssh_key: add private key escrow via IPA vault and README
Provisions ~/.ssh/id_ed25519 once and stores it in the FreeIPA KRA
vault so the key persists across reinstalls/new machines instead of
being regenerated each time. Guards against silently overwriting an
existing vault key on transient failures (missing ~/.ssh, vault-add
errors, ssh-keygen failures) before archiving.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-17 13:13:30 +02:00
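
The one-time relocation and non-interactive key generation described in commit 6fe96f82fd, sketched as an added example (not the script from this pull request). The function names and arguments are hypothetical, and the caller is assumed to have mounted the encrypted directory before passing a path inside it as the target.

```shell
# Added example, not the project's 0060_ssh_key script; names are hypothetical.
# relocate_ssh_dir HOME_DIR TARGET_DIR
# Moves HOME_DIR/.ssh into TARGET_DIR once and leaves a symlink behind.
relocate_ssh_dir() {
    ssh_dir="$1/.ssh"
    target=$2

    # Already migrated: nothing to do if the link points at the target.
    if [ -L "$ssh_dir" ]; then
        [ "$(readlink "$ssh_dir")" = "$target" ] && return 0
        echo "refusing: $ssh_dir is a symlink to another location" >&2
        return 1
    fi
    if [ -e "$ssh_dir" ] && [ ! -d "$ssh_dir" ]; then
        echo "refusing: $ssh_dir is not a directory" >&2
        return 1
    fi

    # Assumption: the caller verified that the encrypted area is mounted.
    mkdir -p "$target" && chmod 700 "$target" || return 1

    if [ -d "$ssh_dir" ]; then
        # Pass 1 checks for name clashes, pass 2 moves, so a clash
        # never leaves a half-migrated directory or a clobbered key.
        for pass in check move; do
            for f in "$ssh_dir"/* "$ssh_dir"/.[!.]*; do
                [ -e "$f" ] || continue
                if [ "$pass" = check ]; then
                    [ ! -e "$target/${f##*/}" ] || {
                        echo "refusing: $target/${f##*/} already exists" >&2
                        return 1
                    }
                else
                    mv "$f" "$target/" || return 1
                fi
            done
        done
        rmdir "$ssh_dir" || return 1
    fi
    ln -s "$target" "$ssh_dir"
}

# generate_key_once SSH_DIR: create id_ed25519 only when it is absent.
# -N "" means no passphrase, so at-rest protection of the private key
# depends entirely on the encrypted directory behind the symlink.
generate_key_once() {
    [ -f "$1/id_ed25519" ] && return 0
    ssh-keygen -q -t ed25519 -N "" -f "$1/id_ed25519"
}
```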