From c29d21b1865349f2ccf09715874de77d231b18f1 Mon Sep 17 00:00:00 2001
From: dadada <dadada@dadada.li>
Date: Sun, 8 Oct 2023 00:23:33 +0200
Subject: [PATCH] Use ssh-agent

---
 home/home/default.nix             |  9 ---------
 home/modules/git.nix              | 23 ++++++++++++++++++++---
 nixos/modules/profiles/laptop.nix |  2 ++
 3 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/home/home/default.nix b/home/home/default.nix
index 039b064..213effa 100644
--- a/home/home/default.nix
+++ b/home/home/default.nix
@@ -23,15 +23,6 @@ in
 {
   home.stateVersion = "20.09";
 
-  programs.git = {
-    signing = {
-      key = "~/.ssh/dadada-git-signing";
-      signByDefault = true;
-    };
-    userEmail = "dadada@dadada.li";
-    userName = "dadada";
-  };
-
   programs.gpg.settings.default-key = "99658A3EB5CD7C13";
 
   dadada.home =
diff --git a/home/modules/git.nix b/home/modules/git.nix
index ede60eb..778671d 100644
--- a/home/modules/git.nix
+++ b/home/modules/git.nix
@@ -5,6 +5,12 @@
 }:
 with lib; let
   cfg = config.dadada.home.git;
+  allowedSigners = pkgs.writeTextFile {
+    name = "allowed-signers";
+    text = ''
+      dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
+    '';
+  };
 in
 {
   options.dadada.home.git = {
@@ -14,6 +20,20 @@ in
     programs.git = {
       enable = true;
       extraConfig = {
+        commit = {
+          gpgSign = true;
+          verbose = true;
+        };
+        gpg = {
+          format = "ssh";
+          ssh.allowedSignersFile = "${allowedSigners}";
+        };
+        tag.gpgSign = true;
+        user = {
+          email = "dadada@dadada.li";
+          name = "dadada";
+          signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>";
+        };
         core = {
           whitespace = {
             tab-in-indent = true;
@@ -42,10 +62,7 @@ in
           branch = true;
           showUntrackedFiled = "all";
         };
-        commit.verbose = true;
         log.date = "iso8601-local";
-        tag.gpgSign = true;
-        gpg.format = "ssh";
         pull = {
           prune = true;
           ff = "only";
diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix
index fc6813f..ff68072 100644
--- a/nixos/modules/profiles/laptop.nix
+++ b/nixos/modules/profiles/laptop.nix
@@ -15,6 +15,8 @@ with lib; {
   networking.domain = mkDefault "dadada.li";
 
   services.fwupd.enable = mkDefault true;
+  programs.ssh.startAgent = true;
+  programs.ssh.enableAskPassword = true;
 
   age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];