Set up git commit signing with ssh

flake.lock

@@ -287,11 +287,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760500983,
+        "lastModified": 1761584077,
-        "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=",
+        "narHash": "sha256-dISPEZahlfs5K6d58zR4akRRyogfE9P4WSyPPNT7HiE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa",
+        "rev": "e82585308aef3d4cc2c36c7b6946051c8cdf24ef",
         "type": "github"
       },
       "original": {

modules/home/git.nix

@@ -1,23 +1,40 @@
 {
   pkgs,
+  config,
   ...
 }:
+let
+  name = "Eclypsed";
+  email = "Ec1ypsed@proton.me";
+  signingKey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB2h6y1Al2OVotYIpwPZMjiBLAncAI2pAPgES2+gVbJqAAAABHNzaDo= ssh:";
+in
 {
   home.packages = with pkgs; [ git-ignore ];
 
+  xdg.configFile."git/allowed_signers".text = ''
+    ${email} namespaces="git" ${signingKey}
+  '';
+
   programs = {
     git = {
       enable = true;
-      userName = "Eclypsed";
+      settings = {
-      userEmail = "Ec1ypsed@proton.me";
+        user = { inherit name email; };
-      extraConfig = {
         init = {
           defaultBranch = "main";
         };
+        gpg.ssh.allowedSignersFile = "${config.xdg.configHome}/git/allowed_signers";
+      };
+      signing = {
+        format = "ssh";
+        key = "~/.ssh/id_ed25519_sk_rk.pub";
+        signByDefault = true;
       };
     };
     lazygit = {
       enable = true;
+      enableZshIntegration = true;
+      shellWrapperName = "lg";
     };
   };
 }