From bcf4579811e9336cd5ea30650c6f3156ad7c3481 Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy <dmitriy@ideascup.me>
Date: Wed, 1 Jun 2022 16:48:29 +0300
Subject: [PATCH] feat(nix/prog/git): add gpg key

---
 nix/home.nix            |  1 +
 nix/progs/git.nix       | 10 ++++++++++
 nix/secrets.example.nix |  2 ++
 3 files changed, 13 insertions(+)

diff --git a/nix/home.nix b/nix/home.nix
index 4e9edb5..86bd534 100644
--- a/nix/home.nix
+++ b/nix/home.nix
@@ -60,6 +60,7 @@ in
       enable = true;
       inherit userName;
       inherit userEmail;
+      gpgKey = gpgSigningKey;
     };
 
     # password manager
diff --git a/nix/progs/git.nix b/nix/progs/git.nix
index 1fd542d..d0153c7 100644
--- a/nix/progs/git.nix
+++ b/nix/progs/git.nix
@@ -22,6 +22,12 @@ in
       type = types.str;
       description = "Set your global email";
     };
+
+    gpgKey = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "The default GnuPG signing key fingerprint";
+    };
   };
   
   config = mkIf cfg.enable {
@@ -29,6 +35,10 @@ in
       enable = true;
       userName = cfg.userName;
       userEmail = cfg.userEmail;
+      signing = mkIf (cfg.gpgKey != null) {
+        key = cfg.gpgKey;
+        signByDefault = true;
+      };
       extraConfig = {
         init.defaultBranch = "main";
         pull.rebase = true;
diff --git a/nix/secrets.example.nix b/nix/secrets.example.nix
index e6a184b..992cc92 100644
--- a/nix/secrets.example.nix
+++ b/nix/secrets.example.nix
@@ -7,5 +7,7 @@
   git = {
     userName = "Bob Ross";
     userEmail = "bross@example.com";
+    # gpg --list-secret-keys
+    gpgSigningKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
   };
 }