Enable git ssh code signing

2023-10-15 14:29:15 +02:00 · 2023-10-15 14:29:15 +02:00 · ed685e870f
commit ed685e870f
parent bbe2325d97
2 changed files with 14 additions and 0 deletions
--- a/modules/shell/git.nix
+++ b/modules/shell/git.nix
@ -6,10 +6,23 @@
  ...
 }: {
  home-manager.users.${vars.user} = {
+    home.file.".ssh/allowed_signers".text = "* ${builtins.readFile ../../rsc/config/git/git.pub}";
+    home.file.".ssh/git.pub" = {
+      source = ../../rsc/config/git/git.pub;
+    };
+
    programs.git = {
      enable = true;
      userName = "GHOSCHT";
      userEmail = "31184695+GHOSCHT@users.noreply.github.com";
+
+      extraConfig = {
+        # Sign all commits using ssh key
+        commit.gpgsign = true;
+        gpg.format = "ssh";
+        gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";
+        user.signingkey = "~/.ssh/git.pub";
+      };
    };
  };
 }
--- a/rsc/config/git/git.pub
+++ b/rsc/config/git/git.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEJg5bmZmaysJr/jgiXasjWDoxk8djsZzDJybhxiw1S 31184695+GHOSCHT@users.noreply.github.com
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEJg5bmZmaysJr/jgiXasjWDoxk8djsZzDJybhxiw1S 31184695+GHOSCHT@users.noreply.github.com`