use onepassword to sign git commits

Christoph Hollizeck 2024-04-08 19:36:37 +02:00
parent bcc25d4598
commit 6b1ba33776
No known key found for this signature in database
2 changed files with 11 additions and 4 deletions


@ -16,7 +16,7 @@ in
enable = mkBoolOpt true "Enable Git (Default true)"; enable = mkBoolOpt true "Enable Git (Default true)";
userName = mkOpt types.str user.fullName "The name to configure git with."; userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = mkOpt types.str "A8185688CDE3921F" "The key ID to sign commits with."; signingKey = mkOpt types.str "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4iH29edivUi+k94apb6pasWq8qphfhYo0d6B2GhISf" "The pub key to sign commits with.";
signByDefault = mkOpt types.bool true "Whether to sign commits by default."; signByDefault = mkOpt types.bool true "Whether to sign commits by default.";
}; };
@ -42,6 +42,10 @@ in
safe = { safe = {
directory = "${user.home}/projects/config"; directory = "${user.home}/projects/config";
}; };
gpg = {
format = "ssh";
"ssh".program = "${pkgs._1password-gui}/bin/op-ssh-sign";
};
}; };
}; };
}; };
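Review bot: The added `gpg` block switches `format` to `ssh` without setting an allowed-signers file, so git can create SSH signatures but cannot verify them locally; `git log --show-signature` and `git verify-commit` will report an error until `gpg.ssh.allowedSignersFile` is configured. Consider adding `"ssh".allowedSignersFile = "<path-to-allowed_signers>";` next to `"ssh".program`, with an entry that maps the configured `userEmail` to the public key in `signingKey`. The "No known key found for this signature in database" status on this commit suggests the same public key also still needs to be registered as a signing key on the forge. The enclosing attribute sets start and end outside the hunk.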


@ -10,14 +10,13 @@ with lib.wyrdgard;
let let
cfg = config.wyrdgard.tools.git; cfg = config.wyrdgard.tools.git;
user = config.wyrdgard.user; user = config.wyrdgard.user;
gpg = config.wyrdgard.security.gpg;
in in
{ {
options.wyrdgard.tools.git = with types; { options.wyrdgard.tools.git = with types; {
enable = mkBoolOpt true "Wether or not to enable git (Default enabled)"; enable = mkBoolOpt true "Wether or not to enable git (Default enabled)";
userName = mkOpt types.str user.fullName "The name to use git with"; userName = mkOpt types.str user.fullName "The name to use git with";
userEmail = mkOpt types.str user.email "The email to use git with"; userEmail = mkOpt types.str user.email "The email to use git with";
signingKey = mkOpt types.str "A8185688CDE3921F" "The key ID to sign commits with."; signingKey = mkOpt types.str "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4iH29edivUi+k94apb6pasWq8qphfhYo0d6B2GhISf" "The key ID to sign commits with.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -33,7 +32,7 @@ in
lfs.enable = true; lfs.enable = true;
signing = { signing = {
key = cfg.signingKey; key = cfg.signingKey;
signByDefault = mkIf gpg.enable true; signByDefault = mkIf _1password.enable true;
}; };
extraConfig = { extraConfig = {
init = { init = {
@ -48,6 +47,10 @@ in
safe = { safe = {
directory = "${config.users.users.${user.name}.home}/projects/config"; directory = "${config.users.users.${user.name}.home}/projects/config";
}; };
gpg ={
format = "ssh";
"ssh".program = "${pkgs._1password-gui}/bin/op-ssh-sign";
};
}; };
}; };
}; };
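Review bot: `_1password` in `signByDefault = mkIf _1password.enable true;` is not bound in the `let` block shown in the first hunk, which defines only `cfg` and `user` once the `gpg` binding is removed. Unless the name comes from the `with lib.wyrdgard;` scope or from module arguments outside the hunk, evaluation will fail with an undefined variable. Bind it next to `cfg`, for example `_1password = config.wyrdgard.<path-to-1password-module>;` (placeholder; the option path is not on the page). The added `gpg` block also sets `"ssh".program` to `op-ssh-sign` unconditionally, so guarding it with the same `mkIf` would keep hosts without 1Password from pointing git at a signer they do not run. The `signingKey` description still reads "The key ID to sign commits with." although the default is now an SSH public key.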