Add gpg
I haven't chosen what pinentry to use, so for now I've set it to
curses, which should make it useable while we look for a proper
solution
Additionally, when git is set to gpg-sign by default, gpg needs to be
installed, so this change also auto-enables gpg when git wants to sign with it
Change-Id: Ic8fafb1d2ece87f6ccff22241b7e3fc0c9d1c2e0
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/402
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/homes/x86_64-linux/minion@greylag/default.nix b/homes/x86_64-linux/minion@greylag/default.nix
index 055f98b..e651678 100644
--- a/homes/x86_64-linux/minion@greylag/default.nix
+++ b/homes/x86_64-linux/minion@greylag/default.nix
@@ -23,6 +23,24 @@
greylag
'';
+ programs.gpg.scdaemonSettings = {
+ reader-port = "Yubico Yubi";
+ };
+
+ programs.git.extraConfig.alias = {
+ recommit = "!git commit --verbose -eF $(git rev-parse --git-dir)/COMMIT_EDITMSG";
+ graph = "log --graph --oneline --decorate";
+ hash = "rev-parse HEAD";
+ personal = "config user.email skyler3665@gmail.com";
+ clicks = "config user.email minion@clicks.codes";
+ collabora = "config user.email skyler.grey@collabora.com";
+ };
+
+ programs.git.extraConfig.user = {
+ name = "Skyler Grey";
+ signingkey = "7C868112B5390C5C";
+ };
+
chimera = {
hyprland.enable = true;
hyprland.hyprpaper.splash.enable = true;
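Review bot: `signingkey = "7C868112B5390C5C";` selects the signing key by its 64-bit long key ID, which is not collision-resistant, so a second key with the same ID in the keyring would make the selection ambiguous. Prefer the full fingerprint, `signingkey = "<FULL-40-HEX-FINGERPRINT>";` (placeholder; the real value is not on this page). Separately, the `recommit` alias leaves `$(git rev-parse --git-dir)` unquoted, so it breaks when the git directory path contains spaces. The enclosing attribute set starts and ends outside the hunk.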
@@ -95,6 +113,7 @@
stgit.enable = true;
gitReview.enable = true;
auth.clicksUsername = "minion";
+ gpg.enable = true;
};
};
}
diff --git a/modules/home/git/default.nix b/modules/home/git/default.nix
index 23f3d78..b8ac878 100644
--- a/modules/home/git/default.nix
+++ b/modules/home/git/default.nix
@@ -15,9 +15,23 @@
description = "Username for Clicks Gerrit";
};
};
+ gpg = {
+ enable = lib.mkEnableOption "Enable signing with gpg";
+ commit = lib.mkOption {
+ type = lib.types.bool;
+ description = "Enable gpg signing for commits by default";
+ default = true;
+ };
+ push = lib.mkOption {
+ type = lib.types.bool;
+ description = "Enable gpg signing for pushes by when asked by the server";
+ default = true;
+ };
+ };
};
config = {
+ chimera.gpg.enable = lib.mkIf config.chimera.git.gpg.enable true;
home.packages =
(if config.chimera.git.gitReview.enable then [ pkgs.git-review ] else [ ])
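Review bot: The descriptions in the new `gpg` option set read badly once rendered. `lib.mkEnableOption` already prepends "Whether to enable", so `"Enable signing with gpg"` becomes "Whether to enable Enable signing with gpg"; `lib.mkEnableOption "signing with gpg"` reads correctly. The `push` description has a stray word and should be `"Enable gpg signing for pushes when asked by the server"`. A one-line comment above `chimera.gpg.enable = …` saying gpg is pulled in because git needs the binary to sign would also help, since it is enabled even when both `commit` and `push` are false. The `config` block continues outside the hunk.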
@@ -42,7 +56,7 @@
extraConfig = {
init.defaultBranch = "main";
advice.skippedcherrypicks = false;
- commit.gpgsign = true;
+ commit.gpgsign = lib.mkIf config.chimera.git.gpg.enable config.chimera.git.gpg.commit;
credential.helper = "cache";
core = {
repositoryformatversion = 0;
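Review bot: `commit.gpgsign` was unconditionally `true` and is now defined only when `chimera.git.gpg.enable` is set, so any home using this module without opting in silently stops signing commits. The same applies to `push.gpgSign` in the next hunk. Only `minion@greylag` is shown opting in; if other homes exist they probably need `gpg.enable = true;` as well. If opt-in is intended, the option description should say so, e.g. `lib.mkEnableOption "signing with gpg (commits and pushes are unsigned unless this is set)"`. The `extraConfig` set starts and ends outside the hunk.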
@@ -59,7 +73,7 @@
};
push = {
autoSetupRemote = true;
- gpgSign = "if-asked";
+ gpgSign = lib.mkIf config.chimera.git.gpg.enable (if config.chimera.git.gpg.push then "if-asked" else false);
};
url = {
"ssh://git@github.com/".pushInsteadOf = "https://github.com/";
diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix
new file mode 100644
index 0000000..f17ef2f
--- /dev/null
+++ b/modules/home/gpg/default.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ options.chimera.gpg = {
+ enable = lib.mkEnableOption "Enable gpg";
+ };
+
+ config = lib.mkIf config.chimera.gpg.enable {
+ programs.gpg.enable = true;
+ services.gpg-agent = {
+ enable = true;
+ pinentryFlavor = "curses";
+ enableZshIntegration = config.chimera.shell.zsh.enable;
+ enableBashIntegration = config.chimera.shell.bash.enable;
+ };
+ };
+}
\ No newline at end of file
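Review bot: `pinentryFlavor = "curses";` needs a comment, because the reason it is a stopgap is recorded only in the commit message. Something like `# TODO: temporary; curses pinentry needs a terminal, so signing from git started outside a shell will fail` would do. With commit signing on by default for opted-in homes, that failure will probably show up as commits failing from editors or GUI tools, though this is inferred rather than shown here. The two `enable*Integration` lines read `config.chimera.shell.*`, which is declared outside this diff, so this module presumably cannot be evaluated without the shell module. The file is also missing its trailing newline.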