git: Sign with SSH key

config/git/config-work-nedeco

@@ -1,3 +1,16 @@
 [user]
   email = "d.kempkens@nedeco.de"
   name = "Daniel Kempkens"
+  signingKey = "~/.ssh/nedeco_gitlab.pub"
+
+[commit]
+  gpgsign = true
+
+[tag]
+  gpgsign = true
+
+[gpg]
+  format = "ssh"
+
+[gpg "ssh"]
+  allowedSignersFile = "~/.ssh/allowed_signers/work-nedeco"

config/ssh.nix

@@ -1,3 +1,8 @@
+{ config, ... }:
+
+let
+  signers-directory = "${config.home.homeDirectory}/.ssh/allowed_signers";
+in
 {
   programs.ssh = {
     enable = true;
@@ -71,4 +76,9 @@
       "~/.ssh/config_work"
     ];
   };
+
+  home.file."${signers-directory}" = {
+    source = ../config/ssh/allowed_signers;
+    recursive = true;
+  };
 }

config/ssh/allowed_signers/work-nedeco

@@ -0,0 +1 @@
+d.kempkens@nedeco.de ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHOfdNMxQPUyeR0+Eyx+mnw3zTld7ipejlu/FtxZ3+r