From 9732caf01cf8202da137145401cb7a74c8123ead Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 12 Feb 2023 08:17:17 -0800 Subject: ref(home/git): sign commits and tags properly The configuration can be simplified by using the `signing' directive. For some reason it was also set in the configuration for `pass' which, while it was correct, was in the wrong location. --- home/git/default.nix | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'home/git') diff --git a/home/git/default.nix b/home/git/default.nix index f5fd924..557485b 100644 --- a/home/git/default.nix +++ b/home/git/default.nix @@ -1,9 +1,8 @@ { lib, config, pkgs, ... }: let - inherit (builtins) readFile fromTOML; cfg = config.my.home.git; - sshPub = fromTOML (readFile ./../../../configs/ssh-pubkeys.toml); + sshPub = builtins.fromTOML (builtins.readFile ../../configs/ssh-pubkeys.toml); in { options.my.home.git = with lib; { @@ -11,19 +10,31 @@ in }; config = lib.mkIf cfg.enable { + home.file.".ssh/allowed_signers".text = lib.concatMapStrings (x: "franck@fcuny.net ${x}\n") (with sshPub; [ aptos work git ykey-laptop ]); + programs.git = { enable = true; aliases = { s = "status --short --branch"; amend = "commit --amend --no-edit"; - review = "push origin HEAD:refs/for/main"; + }; + signing = { + key = "key::${sshPub.ykey-laptop}"; + signByDefault = true; }; extraConfig = { core.whitespace = "trailing-space,space-before-tab"; color.ui = "true"; + + gpg = { + format = "ssh"; + ssh.allowedSignersFile = "~/.ssh/allowed_signers"; + }; # abort if the remote branch does not match the local one push.default = "simple"; + init.defaultBranch = "main"; + pull.rebase = true; rebase = { # Automatically create a temporary stash entry before the 
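Review bot: The `allowed_signers` lines built in `home.file.".ssh/allowed_signers".text` trust four keys (`aptos`, `work`, `git`, `ykey-laptop`) as `franck@fcuny.net`, while `signing.key` uses only `ykey-laptop`. A signature from any of the other three therefore verifies exactly like one from the configured signing key. The entries also carry no options, so wherever the file is consulted it accepts these keys for any signature namespace; scoping them to git would look like `(x: "franck@fcuny.net namespaces=\"git\" ${x}\n")`, assuming each `sshPub` value begins with the key type. If the extra keys are listed only so that older signatures keep verifying, a comment such as `# non-signing keys stay listed so existing signatures still verify` above the line would record that; otherwise the list could shrink to the signing key. The hunk appears to end inside the `rebase = {` block, so the enclosing `extraConfig` set closes outside it.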
@@ -32,13 +43,11 @@ in # Print a warning if some commits are removed missingCommitsCheck = "warn"; }; + branch.autosetuprebase = "remote"; branch.sort = "authordate"; + commit.template = "${config.xdg.dataHome}/git/commit.template"; - commit.gpgsign = true; - gpg.format = "ssh"; - user.signingkey = "~/.ssh/fcuny_id_ed25519.pub"; - gpg.ssh.allowedSignersFile = "${config.xdg.dataHome}/git/allowed_signers"; }; userName = "Franck Cuny"; userEmail = "franck@fcuny.net"; -- cgit 1.4.1