GnuPG config (#98)

* Add GnuPG key & trustdb to home-manager. * Trust GitHub's signing key. * Remove GPG public key from the repo. It is already hosted at https://github.com/attilaolah.gpg anyway, so we can reference it from there.
attilaolah · Sep 23, 2024 · 2fb6cdb · 2fb6cdb
1 parent c3230c8
commit 2fb6cdb
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/home-manager/programs/git.nix b/home-manager/programs/git.nix
@@ -1,12 +1,12 @@
-{
+{config, ...}: {
   programs.git = {
     enable = true;
 
     userName = "Attila Oláh";
     userEmail = "[email protected]";
-    signing = {
-      signByDefault = true;
-      key = "07E6C0643FD142C3";
+    signing = with config.programs.gpg; {
+      signByDefault = enable;
+      key = settings.default-key;
     };
     aliases = {
       ci = "commit";

diff --git a/home-manager/programs/gpg.nix b/home-manager/programs/gpg.nix
@@ -1,6 +1,24 @@
-{
+{pkgs, ...}: {
   programs.gpg = {
     enable = true;
+    mutableKeys = false;
+    mutableTrust = false;
+    publicKeys = [
+      {
+        source = pkgs.fetchurl {
+          url = "https://github.com/attilaolah.gpg";
+          hash = "sha256-0xBHzPfbfx8buL3kH4EjNDaetZ5REWTMZQe4X1qNVBE=";
+        };
+        trust = "ultimate";
+      }
+      {
+        source = pkgs.fetchurl {
+          url = "https://github.com/web-flow.gpg";
+          hash = "sha256-bor2h/YM8/QDFRyPsbJuleb55CTKYMyPN4e9RGaj74Q=";
+        };
+        trust = "full";
+      }
+    ];
     settings.default-key = "07E6C0643FD142C3";
   };
 }