Add gpg and git signing configuration for Veracode

2025-02-07 10:55:31 +01:00 · 2025-02-07 10:55:31 +01:00 · c4b461f1fc
commit c4b461f1fc
parent 51433e6aca
1 changed files with 36 additions and 2 deletions
--- a/home-manager/lcech-mac-veracode.nix
+++ b/home-manager/lcech-mac-veracode.nix
@ -9,6 +9,9 @@ let

  zshSourceDirs = [ ];

+  gitUsername = "Lukas Cech";
+  gitEmail = "lcech@veracode.com";
+
 in
 {
  imports = [
@ -41,6 +44,14 @@ in
      '';
    };

+    "${homedir}/.gnupg/gpg-agent.conf" = {
+      text = ''
+        default-cache-ttl 34560000
+        max-cache-ttl 34560000
+        pinentry-program ${pkgs.pinentry_mac}/bin/pinentry-mac
+      '';
+    };
+
    "${homedir}/.hammerspoon/hmSpoons/C3CWorkspace.spoon" = {
      source = ./hammerspoon/C3CWorkspace.spoon;
      recursive = true;
@ -65,8 +76,8 @@ in

  programs.git = {
    enable = true;
-    userName = "Lukas Cech";
-    userEmail = "lcech@veracode.com";
+    userName = gitUsername;
+    userEmail = gitEmail;

    ignores = [
      ".vscode"
@ -81,12 +92,35 @@ in
        editor = "vim";
      };

+      signing = {
+        signByDefault = true;
+        key = "5ABD6C5E";
+      };
+
      pull.rebase = false;

      init.defaultBranch = "main";
    };
  };

+  # Generate key wth gpg --full-gen-key
+  # Kind of key: 10 ECC sign only, curve 25519
+  # Real name: <username>
+  # Email address: <email>
+
+  # Add to git: gpg --list-secret-keys --keyid-format SHORT
+  # get the bit after the key kind and put it in the signing.key in git config above
+  # gpg --armor --export <KEY> and add to git account
+
+  programs.gpg = {
+    enable = true;
+    settings = {
+      use-agent = true;
+    };
+    mutableKeys = false;
+    publicKeys = [ ];
+  };
+
  programs.lsd = {
    enable = true;
    enableAliases = true;