diff options
| author | Franck Cuny <franck@fcuny.net> | 2022-03-05 13:16:27 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2022-03-05 13:18:46 -0800 |
| commit | 3f861ebe8e156d9ba7a24ee1a256a28be4cca56f (patch) | |
| tree | 68fe37d7f6e6f9f015a768eed9410c70f5d5e2e2 /users/fcuny | |
| parent | git: nixfmt (diff) | |
| download | world-3f861ebe8e156d9ba7a24ee1a256a28be4cca56f.tar.gz | |
git: sign with GPG only when one desktop
Move the configuration for git that requires the signing to pass, and use the `pass-git-helper` to manage the secrets.
Diffstat (limited to 'users/fcuny')
| -rw-r--r-- | users/fcuny/cli/git.nix | 14 | ||||
| -rw-r--r-- | users/fcuny/desktop/trust/git-pass-mapping.ini | 9 | ||||
| -rw-r--r-- | users/fcuny/desktop/trust/pass.nix | 17 |
3 files changed, 30 insertions, 10 deletions
diff --git a/users/fcuny/cli/git.nix b/users/fcuny/cli/git.nix index 30ee841..8afb7ec 100644 --- a/users/fcuny/cli/git.nix +++ b/users/fcuny/cli/git.nix @@ -1,6 +1,7 @@ -{ config, ... }: +{ lib, config, ... }: -{ +let inherit (lib) mkIf; +in { programs.git = { enable = true; aliases = { @@ -17,16 +18,9 @@ }; userName = "Franck Cuny"; userEmail = "franck@fcuny.net"; - signing = { - key = config.programs.gpg.settings.default-key; - signByDefault = true; - }; extraConfig = { "credential \"https://github.com\"" = { username = "fcuny"; }; - "credential \"https://git.fcuny.net\"" = { - username = "fcuny"; - helper = "!echo -n 'password='; pass git/git.fcuny.net"; - }; + "credential \"https://git.fcuny.net\"" = { username = "fcuny"; }; }; ignores = [ "*.elc" diff --git a/users/fcuny/desktop/trust/git-pass-mapping.ini b/users/fcuny/desktop/trust/git-pass-mapping.ini new file mode 100644 index 0000000..5c5177b --- /dev/null +++ b/users/fcuny/desktop/trust/git-pass-mapping.ini @@ -0,0 +1,9 @@ +[DEFAULT] +line_username=1 +skip_username=10 + +[github.com/*] +target=git/github.com + +[git.fcuny.net*] +target=git/git.fcuny.net diff --git a/users/fcuny/desktop/trust/pass.nix b/users/fcuny/desktop/trust/pass.nix index 6ed346c..a552318 100644 --- a/users/fcuny/desktop/trust/pass.nix +++ b/users/fcuny/desktop/trust/pass.nix @@ -11,6 +11,23 @@ }; }; + programs.git = { + signing = { + key = config.programs.gpg.settings.default-key; + signByDefault = true; + }; + extraConfig = { + credential = { + helper = "${pkgs.gitAndTools.pass-git-helper}/bin/pass-git-helper"; + useHttpPath = true; + }; + }; + }; + + xdg.configFile."pass-git-helper/git-pass-mapping.ini" = { + source = ./git-pass-mapping.ini; + }; + services.password-store-sync.enable = true; # Ensure the password store things are in the systemd session |