From b66fa1861ff667b39c7bed447f3cddb301e6e97e Mon Sep 17 00:00:00 2001
From: Matthieu Bessat
Date: Wed, 11 Dec 2024 18:44:19 +0100
Subject: [PATCH] fix: update local directories
---
 ansible/workstation.yaml | 9 +++++++--
 docs/directories.md | 12 +++++++-----
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/ansible/workstation.yaml b/ansible/workstation.yaml
index e4a5010..dd8c4b5 100644
--- a/ansible/workstation.yaml
+++ b/ansible/workstation.yaml
@@ -311,12 +311,17 @@
 recurse: true
 - name: Setup long-term local secrets
 file:
- path: "{{ home }}/.hidden/local_secrets"
+ path: "{{ home }}/.local/secrets"
+ state: directory
+ recurse: true
+ - name: Setup directory to contains local root CA
+ file:
+ path: "{{ home }}/.local/secrets/root_ca"
 state: directory
 recurse: true
 - name: Setup temporary secrets folder
 file:
- path: "{{ home }}/.cache/secrets/"
+ path: "{{ home }}/.cache/secrets"
 state: directory
 recurse: true
 - name: Setup vaults dir gpg home
diff --git a/docs/directories.md b/docs/directories.md
index e314e0b..23ce373 100644
--- a/docs/directories.md
+++ b/docs/directories.md
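Review bot: None of the three `file` tasks touched in this hunk of ansible/workstation.yaml (`.local/secrets`, `.local/secrets/root_ca`, `.cache/secrets`) sets `mode`, so the directories get whatever the umask yields, commonly 0755, even though the docs updated in this same commit describe them as holding unencrypted secrets and root CA private keys. I would add `mode: "u=rwX,g=,o="` to each task; with `recurse: true` that leaves directories at 0700 and non-executable files at 0600 rather than marking key files executable, and the quotes keep YAML from re-typing the value. The docs also introduce `~/.local/secrets/device`, which no task in this hunk creates, so a matching task may be missing. The last task shown, `Setup vaults dir gpg home`, continues outside the hunk.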
@@ -2,16 +2,18 @@
 Here are the path conventions we use to store files.
-- `~/junk` - Very temp files (experiments)
-- `~/triage` - Files to keep but to triage later to others directories for long-term storage
 - `~/workspace` - Store all code git clone being worked on
-- `~/.hidden/local_secrets` - Long-term secrets that are unique and specific to this device. (Eg. forge token, LUKS for external USB thumbdrive, gotify token)
+- `~/.local/secrets` - Store general long-term clear secrets that are not protected by a password.
+- `~/.local/secrets/device` - Long-term secrets that are unique and specific to this device. (Eg. forge client token, LUKS key for external USB thumbdrive, Gotify client token)
+- `~/.local/secrets/root_ca` - Long-term local Root Certificate authorities private keys.
 - `~/.cache/secrets` - Cookie jar for temporary secrets (less that 1 month), can be regenerated quickly with a command.
-- `~/.vaults` - To store [Pass](https://www.passwordstore.org/) directories (a profile per directory)
+- `~/.vaults` - To store [Pass](https://www.passwordstore.org/) directories (a profile per directory). Secrets protected by encryption.
+- `~/junk` - Very temp files (experiments)
+- `~/triage` - Files to keep but to sort out later to others directories for long-term storage.
 - `~/medias` - Store long-term medias (like offline audio and videos)
 - `~/notebooks` - Store all monakhos notebooks
 - `~/quick` - Store transitive content and medias
 - `~/quick/notes`
 - `~/quick/screenshots`
-- `~/.apps` - Store manually installed linux apps and programs (AppImages or manually built binaries)
+- `~/.apps` - Store manually installed linux apps and programs (AppImages or manually built binaries) (like a local /opt)