diff options
author | Franck Cuny <franck@fcuny.net> | 2023-09-14 17:57:26 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-09-14 19:13:40 -0700 |
commit | 0eb76d0ae036549203e117bf187450ee495a8953 (patch) | |
tree | e727cfe3381d9391f8da3902fadf382601e0203e | |
parent | flake.lock: Update (diff) | |
download | world-0eb76d0ae036549203e117bf187450ee495a8953.tar.gz |
add ssh key from 1passowrd and sign commits
-rw-r--r-- | configs/ssh-pubkeys.toml | 3 | ||||
-rw-r--r-- | home/profiles/git.nix | 7 | ||||
-rw-r--r-- | hosts/mba/default.nix | 9 |
3 files changed, 14 insertions, 5 deletions
diff --git a/configs/ssh-pubkeys.toml b/configs/ssh-pubkeys.toml index 6f9c980..6068e38 100644 --- a/configs/ssh-pubkeys.toml +++ b/configs/ssh-pubkeys.toml @@ -11,3 +11,6 @@ ykey-backup="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t # this key is used to perform backups restic="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/0b3IjqeCHQ+b4qZoptrmG/twV4Zj4BIH1yl7Y5cW9" + +# 1password +op="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9r1KALhtItqMjxHQS0/5eWJm4UF/i38QATZIi1Pqm2" diff --git a/home/profiles/git.nix b/home/profiles/git.nix index 6846a08..d559150 100644 --- a/home/profiles/git.nix +++ b/home/profiles/git.nix @@ -13,18 +13,17 @@ in userEmail = "franck@fcuny.net"; signing = { - key = "key::${sshPub.ykey-laptop}"; - signByDefault = false; + key = "key::${sshPub.op}"; + signByDefault = true; }; extraConfig = { core.whitespace = "trailing-space,space-before-tab"; color.ui = "true"; - diff.age.textconv = "${pkgs.age}/bin/age --identity ${config.home.homeDirectory}/.age/key.txt --decrypt"; - gpg.format = "ssh"; gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers"; + gpg.ssh.program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"; # abort if the remote branch does not match the local one push.default = "simple"; diff --git a/hosts/mba/default.nix b/hosts/mba/default.nix index 4431df2..6e6aa8d 100644 --- a/hosts/mba/default.nix +++ b/hosts/mba/default.nix @@ -11,15 +11,22 @@ programs.zsh.enable = true; + # Required for homebrew on aarch64 + environment.systemPath = [ "/opt/homebrew/bin" "/opt/homebrew/sbin" ]; + homebrew = { enable = true; onActivation.autoUpdate = true; + brews = [ + ]; + taps = [ - "homebrew/cask-fonts" + "homebrew/cask-fonts" ]; casks = [ + "1password-cli" "docker" "emacs" "font-source-code-pro" |