authorFranck Cuny <franck@fcuny.net>2023-09-14 17:57:26 -0700
committerFranck Cuny <franck@fcuny.net>2023-09-14 19:13:40 -0700
commit0eb76d0ae036549203e117bf187450ee495a8953 (patch)
treee727cfe3381d9391f8da3902fadf382601e0203e
parentflake.lock: Update (diff)
downloadworld-0eb76d0ae036549203e117bf187450ee495a8953.tar.gz
add ssh key from 1password and sign commits
-rw-r--r--configs/ssh-pubkeys.toml3
-rw-r--r--home/profiles/git.nix7
-rw-r--r--hosts/mba/default.nix9
3 files changed, 14 insertions, 5 deletions
diff --git a/configs/ssh-pubkeys.toml b/configs/ssh-pubkeys.toml
index 6f9c980..6068e38 100644
--- a/configs/ssh-pubkeys.toml
+++ b/configs/ssh-pubkeys.toml
@@ -11,3 +11,6 @@ ykey-backup="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t
 
 # this key is used to perform backups
 restic="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/0b3IjqeCHQ+b4qZoptrmG/twV4Zj4BIH1yl7Y5cW9"
+
+# 1password
+op="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9r1KALhtItqMjxHQS0/5eWJm4UF/i38QATZIi1Pqm2"
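Review bot: The new `# 1password` comment says where the key is stored but not what it is trusted for, unlike the `restic` entry above it, which states its purpose. Judging by the git.nix change in the same commit, this key signs git commits, so a comment such as `# key held in 1Password, used to sign git commits` would tell a later reader what breaks or what trust is lost if the entry is rotated or removed.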
diff --git a/home/profiles/git.nix b/home/profiles/git.nix
index 6846a08..d559150 100644
--- a/home/profiles/git.nix
+++ b/home/profiles/git.nix
@@ -13,18 +13,17 @@ in
     userEmail = "franck@fcuny.net";
 
     signing = {
-      key = "key::${sshPub.ykey-laptop}";
-      signByDefault = false;
+      key = "key::${sshPub.op}";
+      signByDefault = true;
     };
 
     extraConfig = {
       core.whitespace = "trailing-space,space-before-tab";
       color.ui = "true";
 
-      diff.age.textconv = "${pkgs.age}/bin/age --identity ${config.home.homeDirectory}/.age/key.txt --decrypt";
-
       gpg.format = "ssh";
       gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";
+      gpg.ssh.program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign";
 
       # abort if the remote branch does not match the local one
       push.default = "simple";
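Review bot: `gpg.ssh.program` is set to a macOS-only absolute path in what looks like a shared home profile, and with `signByDefault = true` every commit on a host without `/Applications/1Password.app` would fail at signing time. If this profile is imported on non-Darwin hosts, set the program only on Darwin, for example by merging `lib.optionalAttrs pkgs.stdenv.isDarwin { gpg.ssh.program = "…/op-ssh-sign"; }` into `extraConfig` (assuming `lib` is in scope here). The hunk also switches the signing key to `sshPub.op` without showing any change to `~/.ssh/allowed_signers`; unless that file is generated from the same key list, local signature verification will not recognise the new signatures. The enclosing attribute set starts and ends outside the hunk.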
diff --git a/hosts/mba/default.nix b/hosts/mba/default.nix
index 4431df2..6e6aa8d 100644
--- a/hosts/mba/default.nix
+++ b/hosts/mba/default.nix
@@ -11,15 +11,22 @@
 
   programs.zsh.enable = true;
 
+  # Required for homebrew on aarch64
+  environment.systemPath = [ "/opt/homebrew/bin" "/opt/homebrew/sbin" ];
+
   homebrew = {
     enable = true;
     onActivation.autoUpdate = true;
 
+    brews = [
+    ];
+
     taps = [
-        "homebrew/cask-fonts"
+      "homebrew/cask-fonts"
     ];
 
     casks = [
+      "1password-cli"
       "docker"
       "emacs"
       "font-source-code-pro"
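Review bot: The casks list gains `"1password-cli"`, but the `op-ssh-sign` binary that git.nix now points at lives inside `/Applications/1Password.app`, which ships with the desktop app rather than the CLI. No `"1password"` cask is visible in this hunk (the list continues past it), so if the app is not installed some other way, a freshly provisioned machine would fail every commit now that signing is on by default; adding `"1password"` next to `"1password-cli"` would make the dependency explicit. The empty `brews = [ ];` block is a no-op and could be left out until there is something to list.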