From a0f44568e87fb68c7f6234f57e99769ada8d1919 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens
Date: Tue, 25 Jan 2022 22:21:15 +0100
Subject: [PATCH] git: Sign with SSH key
---
 config/git/config-work-nedeco | 17 +++++++++++++++--
 config/git/config-work-wdw | 4 ++--
 config/ssh.nix | 10 ++++++++++
 config/ssh/allowed_signers/work-nedeco | 1 +
 4 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 config/ssh/allowed_signers/work-nedeco
diff --git a/config/git/config-work-nedeco b/config/git/config-work-nedeco
index afab7a5..eb76113 100644
--- a/config/git/config-work-nedeco
+++ b/config/git/config-work-nedeco
@@ -1,3 +1,16 @@
 [user]
- email = "d.kempkens@nedeco.de"
- name = "Daniel Kempkens"
+ email = "d.kempkens@nedeco.de"
+ name = "Daniel Kempkens"
+ signingKey = "~/.ssh/nedeco_gitlab.pub"
+
+[commit]
+ gpgsign = true
+
+[tag]
+ gpgsign = true
+
+[gpg]
+ format = "ssh"
+
+[gpg "ssh"]
+ allowedSignersFile = "~/.ssh/allowed_signers/work-nedeco"
diff --git a/config/git/config-work-wdw b/config/git/config-work-wdw
index dd8c648..38b0c2f 100644
--- a/config/git/config-work-wdw
+++ b/config/git/config-work-wdw
@@ -1,3 +1,3 @@
 [user]
- email = "d.kempkens@wdw-consulting.com"
- name = "Daniel Kempkens"
+ email = "d.kempkens@wdw-consulting.com"
+ name = "Daniel Kempkens"
diff --git a/config/ssh.nix b/config/ssh.nix
index d28258a..d542250 100644
--- a/config/ssh.nix
+++ b/config/ssh.nix
@@ -1,3 +1,8 @@
+{ config, ... }:
+
+let
+ signers-directory = "${config.home.homeDirectory}/.ssh/allowed_signers";
+in
 {
 programs.ssh = {
 enable = true;
@@ -71,4 +76,9 @@
 "~/.ssh/config_work"
 ];
 };
+
+ home.file."${signers-directory}" = {
+ source = ../config/ssh/allowed_signers;
+ recursive = true;
+ };
 }
diff --git a/config/ssh/allowed_signers/work-nedeco b/config/ssh/allowed_signers/work-nedeco
new file mode 100644
index 0000000..c7aa137
--- /dev/null
+++ b/config/ssh/allowed_signers/work-nedeco
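Review bot: In `config/git/config-work-nedeco`, `signingKey` points at the public half of the key (`~/.ssh/nedeco_gitlab.pub`), so signing works only while ssh-agent holds the matching private key. Because the same hunk sets `commit.gpgsign = true` and `tag.gpgsign = true`, every commit and tag made under this identity fails when the agent does not have the key loaded. That dependency is not visible from the file and deserves a comment above the key, e.g. `# public key only: the private key must be loaded in ssh-agent for signing to work`. It would also help to note next to `allowedSignersFile` that it governs local verification only, e.g. `# used by git verify-commit / log --show-signature`.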
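Review bot: In the second hunk of `config/ssh.nix`, `recursive = true` links every file under `config/ssh/allowed_signers` into `~/.ssh/allowed_signers`, and those files decide which keys git accepts when it verifies signatures. The directory is therefore a trust store, and the block should say so, e.g. `# allowed_signers files are trust anchors for git signature verification; review additions as trust changes`. As a style point, `home.file` targets are normally written relative to the home directory, so `home.file.".ssh/allowed_signers" = {` would presumably do the same job without the `signers-directory` binding and the `{ config, ... }:` argument added in the first hunk. Confirm this against the home-manager version in use before changing it.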
@@ -0,0 +1 @@
+d.kempkens@nedeco.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHOfdNMxQPUyeR0+Eyx+mnw3zTld7ipejlu/FtxZ3+r
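Review bot: The new `allowed_signers` entry carries no options, so the key is accepted for every signature namespace and not only for git objects. The allowed-signers format lets the entry be narrowed by placing `namespaces="git"` between the principal `d.kempkens@nedeco.de` and the key type `ssh-ed25519`. Git itself verifies in the `git` namespace, so this is defence in depth that matters mainly if the same file is ever passed to `ssh-keygen -Y verify` for another purpose. The file takes `#` comment lines, so a one-line header saying which identity and key the entry belongs to would also help later key rotation.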