From 85e6d9a73b3fb4d26acb9d7e653cf9ab9e7c0a1b Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem <charlotte@vanpetegem.be>
Date: Mon, 13 Jan 2025 14:52:56 +0100
Subject: [PATCH] git: Sign commits with ssh key

---
 modules/shared/development/git/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/shared/development/git/default.nix b/modules/shared/development/git/default.nix
index 4b168eb2..d91cba2f 100644
--- a/modules/shared/development/git/default.nix
+++ b/modules/shared/development/git/default.nix
@@ -2,6 +2,8 @@
 
 let
   username = config.chvp.username;
+  homeDir = config.home-manager.users.${username}.home.homeDirectory;
+  sshKeyFile = config.home-manager.users.${username}.programs.ssh.extraOptionOverrides.IdentityFile or "${homeDir}/.ssh/id_ed25519";
 in
 {
   options.chvp.development.git = {
@@ -68,11 +70,15 @@ in
         lfs.enable = true;
         extraConfig = {
           branch.autosetuprebase = "always";
+          commit.gpgSign = true;
           github.user = "chvp";
+          gpg.format = "ssh";
           merge.conflictStyle = "diff3";
           pull.rebase = true;
           rebase.autoStash = true;
           rerere.enabled = true;
+          tag.gpgSign = true;
+          user.signingKey = sshKeyFile;
         };
         ignores = [
           ".DS_Store"