From 2ef3ffa05e76e9129fdc12f8f69510fdf461d140 Mon Sep 17 00:00:00 2001
From: Charlie Root <charlie@charlieroot.dev>
Date: Tue, 4 Mar 2025 22:15:43 +0100
Subject: [PATCH] git.nix: fix signing keys

---
 modules/other/git.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/modules/other/git.nix b/modules/other/git.nix
index 82bced8..f0c26fd 100644
--- a/modules/other/git.nix
+++ b/modules/other/git.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{pkgs, ...}: let
+
+key =
+pkgs.writeText "signingkey"  "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAWEDj/Yib6Mqs016jx7rtecWpytwfVl28eoHtPYCM9TVLq81VIHJSN37lbkc/JjiXCdIJy2Ta3A3CVV5k3Z37NbgAu23oKA2OcHQNaRTLtqWlcBf9fk9suOkP1A3NzAqzivFpBnZm3ytaXwU8LBJqxOtNqZcFVruO6fZxJtg2uE34mAw==";
+in{
   programs.git = {
     enable = true;
     lfs.enable = true;
@@ -6,7 +10,7 @@
       user = {
         name = "Charlie Root";
         email = "charlie@charlieroot.dev";
-        signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPiRe9OH/VtWFWyy5QbAVcN7CLxr4zUtRCwmxD6aeN6";
+        signingKey = "${key}";
       };
       init.defaultbranch = "main";
       branch.autosetupmerge = "true";
@@ -15,6 +19,11 @@
       gpg.format = "ssh";
       commit.gpgsign = "true";
       diff.external = "${pkgs.difftastic}/bin/difft";
+
+      signing = {
+        key = "${key}";
+        signByDefault = true;
+      };
       core = {
         editor = "hx";
       };