From 63ed8d6d4203d9b3ceb87577b09d38e50cfc086e Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Sun, 2 Jun 2024 10:34:14 -0400
Subject: [PATCH] 1password: sign git commits
---
 home/_1password.nix | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/home/_1password.nix b/home/_1password.nix
index 98433bd..ad087f0 100644
--- a/home/_1password.nix
+++ b/home/_1password.nix
@@ -1,4 +1,7 @@
-{ pkgs, lib, ... }:
+{ flake, config, pkgs, lib, ... }:
+let
+ userConfig = flake.config.people.users.${config.home.username};
+in
 {
 home.packages = with pkgs; [
 _1password
@@ -20,4 +23,18 @@
 };
 };
 };
+
+ # https://developer.1password.com/docs/ssh/git-commit-signing/
+ #
+ # For this to work on GitHub, you must have added the SSH pub key as a signing key, see
+ # https://1password.community/discussion/comment/667515/#Comment_667515
+ programs.git.includes = [{
+ condition = "gitdir:~/code/**"; # Personal repos only
+ contents = {
+ user.signingKey = userConfig.sshKey;
+ gpg.format = "ssh";
+ gpg.ssh.program = "/Applications/1Password.app/Contents/MacOS/op-ssh-sign";
+ commit.gpgsign = true;
+ };
+ }];
 }
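Review bot: The `gpg.ssh.program` line in the second hunk pins signing to the macOS application path while `commit.gpgsign = true` is set unconditionally, so on any host where that binary is absent every commit under `~/code` will fail outright instead of being created unsigned. If this home-manager module is also imported on non-Darwin machines (not visible from this patch), guard the block, e.g. `programs.git.includes = lib.mkIf pkgs.stdenv.isDarwin [{`. `user.signingKey` receives `userConfig.sshKey` as a bare value; git documents the `key::` prefix for literal public keys and marks the unprefixed `ssh-...` form as deprecated, so `user.signingKey = "key::${userConfig.sshKey}";` is the more robust spelling, assuming `sshKey` holds the public key text. No `gpg.ssh.allowedSignersFile` is configured either, so signatures are produced but `git log --show-signature` cannot verify them locally.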