feat(git): git signing with ssh

2026-05-22 20:32:59 +09:00 · 2026-03-15 02:28:38 +09:00 · 2026-03-15 02:28:38 +09:00 · 357ef7f648
commit 357ef7f648
parent 9ee6a07368
2 changed files with 26 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,6 @@
+# MacOS
 .DS_Store
+
+# Nix
 result
+.cache
--- a/home/git.nix
+++ b/home/git.nix
@ -1,10 +1,30 @@
-{
+{config, ...}: let
+  signingPrincipal = "87608318+smg1024@users.noreply.github.com";
+  signingPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuQ4STNnixjNDo38AyI0yABKAVfF3hupo66613IgfC7";
+  signingKeyPath = "${config.home.homeDirectory}/.config/sops-nix/secrets/github_ssh_key";
+  allowedSignersPath = "${config.home.homeDirectory}/.config/git/allowed_signers";
+in {
+  home.file.".config/git/allowed_signers".text = ''
+    ${signingPrincipal} ${signingPublicKey}
+  '';
+
  programs.git = {
    enable = true;
+    signing = {
+      format = "ssh";
+      key = signingKeyPath;
+      signByDefault = true;
+      signer = "ssh-keygen";
+    };
    settings = {
      user = {
        name = "Poby";
-        email = "87608318+smg1024@users.noreply.github.com";
+        email = signingPrincipal;
+      };
+      gpg = {
+        ssh = {
+          allowedSignersFile = allowedSignersPath;
+        };
      };
      init.defaultBranch = "master";
      push = {