From 1e90166600d0be1c4178a3a721790fca5ac2c88a Mon Sep 17 00:00:00 2001
From: Leonardo Santiago <leonardo.ribeiro.santiago@gmail.com>
Date: Wed, 5 Jun 2024 18:54:36 -0300
Subject: add ssh automatic signing through ssh

---
 users/leonardo.nix | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'users')

diff --git a/users/leonardo.nix b/users/leonardo.nix
index 4795223..d485e8f 100644
--- a/users/leonardo.nix
+++ b/users/leonardo.nix
@@ -1,4 +1,9 @@
 { pkgs, config, inputs, ... }:
+let
+  all-keys = import ../secrets/pub-ssh-keys.nix;
+  sshkeys = all-keys.${config.networking.hostName};
+  user-key = sshkeys.user;
+in
 {
   imports = [
     ../modules/gnome.nix
@@ -107,7 +112,7 @@
       extraGroups = [ "networkmanager" "wheel" ];
       shell = pkgs.bashInteractive;
       hashedPasswordFile = config.age.secrets.user-pass.path;
-      openssh.authorizedKeys.keys = builtins.attrValues (import ../secrets/hosts-pub-keys.nix);
+      openssh.authorizedKeys.keys = builtins.concatLists (map builtins.attrValues (builtins.attrValues all-keys));
     };
 
     age.secrets = {
@@ -227,9 +232,14 @@
             enable = true;
             diff-so-fancy.enable = true;
             extraConfig = {
-              user.name = "Leonardo Santiago";
-              user.email = "leonardo.ribeiro.santiago@gmail.com";
+              user = {
+                name = "Leonardo Santiago";
+                email = "leonardo.ribeiro.santiago@gmail.com";
+                signingkey = user-key;
+              };
               color.ui = true;
+              gpg.format = "ssh";
+              commit.gpgsign = true;
             };
           };
           mu.enable = true;
-- 
cgit v1.2.3