Set up git commit signing with ssh

2025-10-28 09:30:29 -04:00
parent a21abe2f8f
commit dbab6f8d32
2 changed files with 23 additions and 6 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -287,11 +287,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760500983,
-        "narHash": "sha256-zfY4F4CpeUjTGgecIJZ+M7vFpwLc0Gm9epM/iMQd4w8=",
+        "lastModified": 1761584077,
+        "narHash": "sha256-dISPEZahlfs5K6d58zR4akRRyogfE9P4WSyPPNT7HiE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "c53e65ec92f38d30e3c14f8d628ab55d462947aa",
+        "rev": "e82585308aef3d4cc2c36c7b6946051c8cdf24ef",
        "type": "github"
      },
      "original": {
--- a/modules/home/git.nix
+++ b/modules/home/git.nix
@@ -1,23 +1,40 @@
 {
  pkgs,
+  config,
  ...
 }:
+let
+  name = "Eclypsed";
+  email = "Ec1ypsed@proton.me";
+  signingKey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB2h6y1Al2OVotYIpwPZMjiBLAncAI2pAPgES2+gVbJqAAAABHNzaDo= ssh:";
+in
 {
  home.packages = with pkgs; [ git-ignore ];

+  xdg.configFile."git/allowed_signers".text = ''
+    ${email} namespaces="git" ${signingKey}
+  '';
+
  programs = {
    git = {
      enable = true;
-      userName = "Eclypsed";
-      userEmail = "Ec1ypsed@proton.me";
-      extraConfig = {
+      settings = {
+        user = { inherit name email; };
        init = {
          defaultBranch = "main";
        };
+        gpg.ssh.allowedSignersFile = "${config.xdg.configHome}/git/allowed_signers";
+      };
+      signing = {
+        format = "ssh";
+        key = "~/.ssh/id_ed25519_sk_rk.pub";
+        signByDefault = true;
      };
    };
    lazygit = {
      enable = true;
+      enableZshIntegration = true;
+      shellWrapperName = "lg";
    };
  };
 }