author | Franck Cuny <franck@fcuny.net> | 2023-02-12 08:17:17 -0800 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-02-20 13:48:41 -0800 |
commit | 9732caf01cf8202da137145401cb7a74c8123ead (patch) | |
tree | ef1489c55d6131e0997a9d9c19b05e2ee3417c3f | |
parent | ref(modules/users): move ssh keys to a separate file (diff) | |
download | world-9732caf01cf8202da137145401cb7a74c8123ead.tar.gz |
ref(home/git): sign commits and tags properly
The configuration can be simplified by using the `signing' directive. For some reason it was also set in the configuration for `pass' which, while it was correct, was in the wrong location.
Diffstat (limited to '')
-rw-r--r-- | home/git/default.nix | 23 | ||||
-rw-r--r-- | home/pass/default.nix | 4 |
2 files changed, 16 insertions, 11 deletions
diff --git a/home/git/default.nix b/home/git/default.nix index f5fd924..557485b 100644 --- a/home/git/default.nix +++ b/home/git/default.nix @@ -1,9 +1,8 @@ { lib, config, pkgs, ... }: let - inherit (builtins) readFile fromTOML; cfg = config.my.home.git; - sshPub = fromTOML (readFile ./../../../configs/ssh-pubkeys.toml); + sshPub = builtins.fromTOML (builtins.readFile ../../configs/ssh-pubkeys.toml); in { options.my.home.git = with lib; { @@ -11,19 +10,31 @@ in }; config = lib.mkIf cfg.enable { + home.file.".ssh/allowed_signers".text = lib.concatMapStrings (x: "franck@fcuny.net ${x}\n") (with sshPub; [ aptos work git ykey-laptop ]); + programs.git = { enable = true; aliases = { s = "status --short --branch"; amend = "commit --amend --no-edit"; - review = "push origin HEAD:refs/for/main"; + }; + signing = { + key = "key::${sshPub.ykey-laptop}"; + signByDefault = true; }; extraConfig = { core.whitespace = "trailing-space,space-before-tab"; color.ui = "true"; + + gpg = { + format = "ssh"; + ssh.allowedSignersFile = "~/.ssh/allowed_signers"; + }; # abort if the remote branch does not match the local one push.default = "simple"; + init.defaultBranch = "main"; + pull.rebase = true; rebase = { # Automatically create a temporary stash entry before the @@ -32,13 +43,11 @@ in # Print a warning if some commits are removed missingCommitsCheck = "warn"; }; + branch.autosetuprebase = "remote"; branch.sort = "authordate"; + commit.template = "${config.xdg.dataHome}/git/commit.template"; - commit.gpgsign = true; - gpg.format = "ssh"; - user.signingkey = "~/.ssh/fcuny_id_ed25519.pub"; - gpg.ssh.allowedSignersFile = "${config.xdg.dataHome}/git/allowed_signers"; }; userName = "Franck Cuny"; userEmail = "franck@fcuny.net"; diff --git a/home/pass/default.nix b/home/pass/default.nix index d79d486..c3e06f6 100644 --- a/home/pass/default.nix +++ b/home/pass/default.nix 
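Review bot: In the second hunk of home/git/default.nix, the generated `~/.ssh/allowed_signers` trusts four keys (`aptos`, `work`, `git`, `ykey-laptop`) for `franck@fcuny.net`, while only `ykey-laptop` is configured under `signing.key`, and no entry is limited to Git signatures. If the other three keys are not meant to sign commits or tags, they should be dropped from the list. Each entry can also be scoped with the `namespaces` option, e.g. `(x: "franck@fcuny.net namespaces=\"git\" ${x}\n")`, so the file only vouches for these keys as Git signers. The principal repeats the literal from `userEmail` further down; building it from `config.programs.git.userEmail` would keep the two from drifting apart and breaking verification. The `config = lib.mkIf cfg.enable {` block starts in this hunk and continues past it.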
@@ -17,10 +17,6 @@ in }; programs.git = { - signing = { - key = config.programs.gpg.settings.default-key; - signByDefault = true; - }; extraConfig = { credential = { helper = "${pkgs.gitAndTools.pass-git-helper}/bin/pass-git-helper"; |