From 3f861ebe8e156d9ba7a24ee1a256a28be4cca56f Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sat, 5 Mar 2022 13:16:27 -0800
Subject: git: sign with GPG only when one desktop

Move the configuration for git that requires the signing to pass, and
use the `pass-git-helper` to manage the secrets.
---
 users/fcuny/desktop/trust/pass.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'users/fcuny/desktop/trust/pass.nix')

diff --git a/users/fcuny/desktop/trust/pass.nix b/users/fcuny/desktop/trust/pass.nix
index 6ed346c..a552318 100644
--- a/users/fcuny/desktop/trust/pass.nix
+++ b/users/fcuny/desktop/trust/pass.nix
@@ -11,6 +11,23 @@
     };
   };
 
+  programs.git = {
+    signing = {
+      key = config.programs.gpg.settings.default-key;
+      signByDefault = true;
+    };
+    extraConfig = {
+      credential = {
+        helper = "${pkgs.gitAndTools.pass-git-helper}/bin/pass-git-helper";
+        useHttpPath = true;
+      };
+    };
+  };
+
+  xdg.configFile."pass-git-helper/git-pass-mapping.ini" = {
+    source = ./git-pass-mapping.ini;
+  };
+
   services.password-store-sync.enable = true;
 
   # Ensure the password store things are in the systemd session
-- 
cgit v1.2.3