authorFranck Cuny <franck@fcuny.net>2022-03-05 13:16:27 -0800
committerFranck Cuny <franck@fcuny.net>2022-03-05 13:18:46 -0800
commit3f861ebe8e156d9ba7a24ee1a256a28be4cca56f (patch)
tree68fe37d7f6e6f9f015a768eed9410c70f5d5e2e2 /users/fcuny
parentgit: nixfmt (diff)
git: sign with GPG only when one desktop
Move the git configuration that requires signing into the `pass` module, and
use `pass-git-helper` to manage the secrets.
Diffstat (limited to 'users/fcuny')
-rw-r--r--users/fcuny/cli/git.nix14
-rw-r--r--users/fcuny/desktop/trust/git-pass-mapping.ini9
-rw-r--r--users/fcuny/desktop/trust/pass.nix17
3 files changed, 30 insertions, 10 deletions
diff --git a/users/fcuny/cli/git.nix b/users/fcuny/cli/git.nix
index 30ee841..8afb7ec 100644
--- a/users/fcuny/cli/git.nix
+++ b/users/fcuny/cli/git.nix
@@ -1,6 +1,7 @@
-{ config, ... }:
+{ lib, config, ... }:
 
-{
+let inherit (lib) mkIf;
+in {
   programs.git = {
     enable = true;
     aliases = {
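Review bot: `mkIf` is bound by the new `let inherit (lib) mkIf; in` but neither visible hunk of `git.nix` uses it. The signing block is made desktop-only by moving it to `desktop/trust/pass.nix`, not by a conditional here. Unless the part of the file outside these hunks references `mkIf`, the header can go back to the plain form, `{ config, ... }:` followed by `{`. With the `signing` block removed in the next hunk, `config` may be unused as well.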
@@ -17,16 +18,9 @@
     };
     userName = "Franck Cuny";
     userEmail = "franck@fcuny.net";
-    signing = {
-      key = config.programs.gpg.settings.default-key;
-      signByDefault = true;
-    };
     extraConfig = {
       "credential \"https://github.com\"" = { username = "fcuny"; };
-      "credential \"https://git.fcuny.net\"" = {
-        username = "fcuny";
-        helper = "!echo -n 'password='; pass git/git.fcuny.net";
-      };
+      "credential \"https://git.fcuny.net\"" = { username = "fcuny"; };
     };
     ignores = [
       "*.elc"
diff --git a/users/fcuny/desktop/trust/git-pass-mapping.ini b/users/fcuny/desktop/trust/git-pass-mapping.ini
new file mode 100644
index 0000000..5c5177b
--- /dev/null
+++ b/users/fcuny/desktop/trust/git-pass-mapping.ini
@@ -0,0 +1,9 @@
+[DEFAULT]
+line_username=1
+skip_username=10
+
+[github.com/*]
+target=git/github.com
+
+[git.fcuny.net*]
+target=git/git.fcuny.net
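Review bot: The section pattern `[git.fcuny.net*]` has no separator before the wildcard, so it is broader than the `[github.com/*]` entry above it. pass-git-helper matches section names as fnmatch globs against the host, joined with the path when `useHttpPath` is enabled. This pattern would therefore also match any host name that merely begins with `git.fcuny.net`, and the `git/git.fcuny.net` entry would be offered to it. Since this commit turns `useHttpPath` on, anchoring it like the GitHub entry, `[git.fcuny.net/*]`, keeps the secret scoped to the one host. A one-line comment above `skip_username=10` naming the prefix it strips (presumably a `username: ` style label) would also explain the magic number.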
diff --git a/users/fcuny/desktop/trust/pass.nix b/users/fcuny/desktop/trust/pass.nix
index 6ed346c..a552318 100644
--- a/users/fcuny/desktop/trust/pass.nix
+++ b/users/fcuny/desktop/trust/pass.nix
@@ -11,6 +11,23 @@
     };
   };
 
+  programs.git = {
+    signing = {
+      key = config.programs.gpg.settings.default-key;
+      signByDefault = true;
+    };
+    extraConfig = {
+      credential = {
+        helper = "${pkgs.gitAndTools.pass-git-helper}/bin/pass-git-helper";
+        useHttpPath = true;
+      };
+    };
+  };
+
+  xdg.configFile."pass-git-helper/git-pass-mapping.ini" = {
+    source = ./git-pass-mapping.ini;
+  };
+
   services.password-store-sync.enable = true;
 
   # Ensure the password store things are in the systemd session
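Review bot: The helper path uses `pkgs.gitAndTools.pass-git-helper`, and `gitAndTools` is, as far as I know, only kept in nixpkgs as a legacy alias set. Referencing the top-level attribute avoids a break if the alias is dropped: `helper = "${pkgs.pass-git-helper}/bin/pass-git-helper";`. The module's argument list is outside the hunk, so this assumes `pkgs` is already in scope there. A short comment on `useHttpPath = true;` would also help, for example `# mapping sections match on host/path, so git must pass the path`, because the bare `credential` section applies the helper to every HTTPS remote and the mapping file is what limits which secret is returned.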