Daholli/nixos-config
1
0
Fork 0
Code Issues 3 Pull requests Releases Packages Activity Actions

#6 trying to sign commits

Browse source
This commit is contained in:
Christoph Hollizeck 2024-04-07 16:12:04 +02:00
parent 45487e7d1b
commit 120baa6ab8
Signed by: Daholli
GPG key ID: 249300664F2AF2C7
7 changed files with 117 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/home/tools/git/default.nix
View file

@ -16,6 +16,8 @@ in
enable = mkBoolOpt true "Enable Git (Default true)";
userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = mkOpt types.str "A8185688CDE3921F" "The key ID to sign commits with.";
signByDefault = mkOpt types.bool true "Whether to sign commits by default.";
};
config = mkIf cfg.enable {
@ -23,6 +25,10 @@ in
enable = true;
inherit (cfg) userName userEmail;
lfs = enabled;
signing = {
key = cfg.signingKey;
inherit (cfg) signByDefault;
};
extraConfig = {
init = {
defaultBranch = "main";
@ -33,6 +39,9 @@ in
push = {
autoSetupRemote = true;
};
safe = {
directory = "${user.home}/projects/config";
};
};
};
};

56
modules/nixos/security/gpg/default.nix Normal file
View file

@ -0,0 +1,56 @@
{
options,
config,
pkgs,
lib,
inputs,
...
}:
with lib;
with lib.wyrdgard;
let
cfg = config.wyrdgard.security.gpg;
gpgConf = "${inputs.gpg-base-conf}/gpg.conf";
gpgAgentConf = ''
enable-ssh-support
default-cache-ttl 60
max-cache-ttl 120
pinentry-program ${pkgs.pinentry-qt}/bin/pinentry-qt
'';
in
{
options.wyrdgard.security.gpg = with types; {
enable = mkBoolOpt false "Wether or not to enable GPG.";
agentTimeout = mkOpt int 5 "The amount of time to wait before continuing with shell init.";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
paperkey
gnupg
pinentry-curses
pinentry-qt
];
programs = {
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
enableExtraSocket = true;
};
};
wyrdgard = {
home.file = {
".gnupg/.keep".text = "";
".gnupg/gpg.conf".source = gpgConf;
".gnupg/gpg-agent.conf".text = gpgAgentConf;
};
};
};
}

4
modules/nixos/submodules/basics/default.nix
View file

@ -50,6 +50,10 @@ in
time = enabled;
xkb = enabled;
};
security = {
gpg = enabled;
};
};
};
}

2
modules/nixos/submodules/graphical-interface/default.nix
View file

@ -16,6 +16,8 @@ in
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ ];
services.xserver = {
enable = true;
displayManager.sddm = {

34
modules/nixos/tools/git/default.nix
View file

@ -10,12 +10,14 @@ with lib.wyrdgard;
let
cfg = config.wyrdgard.tools.git;
user = config.wyrdgard.user;
gpg = config.wyrdgard.security.gpg;
in
{
options.wyrdgard.tools.git = with types; {
enable = mkBoolOpt true "Wether or not to enable git (Default enabled)";
userName = mkOpt types.str user.fullName "The name to use git with";
userEmail = mkOpt types.str user.email "The email to use git with";
signingKey = mkOpt types.str "A8185688CDE3921F" "The key ID to sign commits with.";
};
config = mkIf cfg.enable {
@ -24,18 +26,28 @@ in
gitAndTools.gh
];
programs.git = {
enable = true;
lfs.enable = true;
config = {
init = {
defaultBranch = "main";
wyrdgard.home.extraOptions = {
programs.git = {
enable = true;
inherit (cfg) userName userEmail;
lfs.enable = true;
signing = {
key = cfg.signingKey;
signByDefault = mkIf gpg.enable true;
};
pull = {
rebase = false;
};
push = {
autoSetupRemote = true;
extraConfig = {
init = {
defaultBranch = "main";
};
pull = {
rebase = false;
};
push = {
autoSetupRemote = true;
};
safe = {
directory = "${config.users.users.${user.name}.home}/projects/config";
};
};
};
};