From dbab6f8d32b791681151c03f05c1395011b18965 Mon Sep 17 00:00:00 2001 From: Eclypsed Date: Tue, 28 Oct 2025 09:30:29 -0400 Subject: [PATCH] Set up git commit signing with ssh --- flake.lock | 6 +++--- modules/home/git.nix | 23 ++++++++++++++++++++--- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 5829311..7fe1cd4 100644 --- a/flake.lock +++ b/flake.lock @@ -287,11 +287,11 @@ ] }, "locked": { - "lastModified": 1760500983, - "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=", + "lastModified": 1761584077, + "narHash": "sha256-dISPEZahlfs5K6d58zR4akRRyogfE9P4WSyPPNT7HiE=", "owner": "nix-community", "repo": "home-manager", - "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa", + "rev": "e82585308aef3d4cc2c36c7b6946051c8cdf24ef", "type": "github" }, "original": { diff --git a/modules/home/git.nix b/modules/home/git.nix index ab5f82b..e77313a 100644 --- a/modules/home/git.nix +++ b/modules/home/git.nix @@ -1,23 +1,40 @@ { pkgs, + config, ... }: +let + name = "Eclypsed"; + email = "Ec1ypsed@proton.me"; + signingKey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB2h6y1Al2OVotYIpwPZMjiBLAncAI2pAPgES2+gVbJqAAAABHNzaDo= ssh:"; +in { home.packages = with pkgs; [ git-ignore ]; + xdg.configFile."git/allowed_signers".text = '' + ${email} namespaces="git" ${signingKey} + ''; + programs = { git = { enable = true; - userName = "Eclypsed"; - userEmail = "Ec1ypsed@proton.me"; - extraConfig = { + settings = { + user = { inherit name email; }; init = { defaultBranch = "main"; }; + gpg.ssh.allowedSignersFile = "${config.xdg.configHome}/git/allowed_signers"; + }; + signing = { + format = "ssh"; + key = "~/.ssh/id_ed25519_sk_rk.pub"; + signByDefault = true; }; }; lazygit = { enable = true; + enableZshIntegration = true; + shellWrapperName = "lg"; }; }; }