From 2fb6cdb0d017009c2897a29061add051abc82a21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Attila=20Ol=C3=A1h?=
Date: Mon, 23 Sep 2024 20:34:21 +0200
Subject: [PATCH] GnuPG config (#98)

* Add GnuPG key & trustdb to home-manager.
* Trust GitHub's signing key.
* Remove GPG public key from the repo.
It is already hosted at https://github.com/attilaolah.gpg anyway, so we can reference it from there.
---
 home-manager/programs/git.nix | 8 ++++----
 home-manager/programs/gpg.nix | 20 +++++++++++++++++++-
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/home-manager/programs/git.nix b/home-manager/programs/git.nix
index 69487d8..762b88f 100644
--- a/home-manager/programs/git.nix
+++ b/home-manager/programs/git.nix
@@ -1,12 +1,12 @@
-{
+{config, ...}: {
 programs.git = {
 enable = true;
 userName = "Attila Oláh";
 userEmail = "attila.olah@netstal.com";
- signing = {
- signByDefault = true;
- key = "07E6C0643FD142C3";
+ signing = with config.programs.gpg; {
+ signByDefault = enable;
+ key = settings.default-key;
 };
 aliases = {
 ci = "commit";
diff --git a/home-manager/programs/gpg.nix b/home-manager/programs/gpg.nix
index a6226b4..13f5f7b 100644
--- a/home-manager/programs/gpg.nix
+++ b/home-manager/programs/gpg.nix
@@ -1,6 +1,24 @@
-{
+{pkgs, ...}: {
 programs.gpg = {
 enable = true;
+ mutableKeys = false;
+ mutableTrust = false;
+ publicKeys = [
+ {
+ source = pkgs.fetchurl {
+ url = "https://github.com/attilaolah.gpg";
+ hash = "sha256-0xBHzPfbfx8buL3kH4EjNDaetZ5REWTMZQe4X1qNVBE=";
+ };
+ trust = "ultimate";
+ }
+ {
+ source = pkgs.fetchurl {
+ url = "https://github.com/web-flow.gpg";
+ hash = "sha256-bor2h/YM8/QDFRyPsbJuleb55CTKYMyPN4e9RGaj74Q=";
+ };
+ trust = "full";
+ }
+ ];
 settings.default-key = "07E6C0643FD142C3";
 };
 }
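Review bot: `signByDefault = enable;` in the new `signing` block means commit signing is switched off silently whenever `programs.gpg.enable` is set to false, and the `with config.programs.gpg;` scope hides that `enable` and `settings` come from the GnuPG module rather than from `programs.git`. Spelling the paths out keeps the coupling visible: `signByDefault = config.programs.gpg.enable;` and `key = config.programs.gpg.settings.default-key;`. A one-line comment such as `# Signing follows programs.gpg.enable; disabling GnuPG also disables commit signing.` would make the security consequence explicit. The `programs.git` attribute set continues past the end of this hunk.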
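Review bot: `trust = "full"` on the web-flow entry probably does not do what the commit message intends. As far as I can tell, GnuPG ownertrust expresses how far certifications issued by a key are believed, so this makes GitHub's web-flow key a trusted introducer for other keys in the keyring, while its own validity still depends on a certification from the `ultimate` key. If the goal is only to verify commits GitHub creates through its web UI, consider a lower trust level and a comment above the entry such as `# web-flow signs commits made via the GitHub web UI/API: a good signature means GitHub created the commit, not that a particular person authored it.` The pinned `hash` values are a sound integrity check, but both URLs serve mutable content, so it is worth noting next to them that a key rotation or expiry update upstream will fail the fetch until the hash is refreshed and the new key is verified out of band.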