git: support not configuring signing.format (#6478)

2025-02-17 03:00:03 -08:00 · 2025-02-17 03:00:03 -08:00 · 5c5697b82a
commit 5c5697b82a
parent 30b9cd6f1a
9 changed files with 52 additions and 47 deletions
--- a/modules/programs/git.nix
+++ b/modules/programs/git.nix
@ -118,7 +118,7 @@ in {
        };

        format = mkOption {
-          type = types.enum [ "openpgp" "ssh" "x509" ];
+          type = types.nullOr (types.enum [ "openpgp" "ssh" "x509" ]);
          defaultText = literalExpression ''
            "openpgp" for state version < 25.05,
            undefined for state version ≥ 25.05
@ -130,13 +130,13 @@ in {
        };

        signByDefault = mkOption {
-          type = types.bool;
-          default = false;
+          type = types.nullOr types.bool;
+          default = null;
          description = "Whether commits and tags should be signed by default.";
        };

        signer = mkOption {
-          type = types.str;
+          type = types.nullOr types.str;
          description = "Path to signer binary to use.";
        };
      };
@ -493,25 +493,35 @@ in {
    (mkIf (cfg.signing != { }) {
      programs.git = {
        signing = {
-          format = mkIf (versionOlder config.home.stateVersion "25.05")
-            (mkOptionDefault "openpgp");
-          signer = mkIf (cfg.signing.format != null) (mkOptionDefault {
-            openpgp = getExe config.programs.gpg.package;
-            ssh = getExe' pkgs.openssh "ssh-keygen";
-            x509 = getExe' config.programs.gpg.package "gpgsm";
-          }.${cfg.signing.format});
+          format = if (versionOlder config.home.stateVersion "25.05") then
+            (mkOptionDefault "openpgp")
+          else
+            null;
+          signer = let
+            defaultSigners = {
+              openpgp = getExe config.programs.gpg.package;
+              ssh = getExe' pkgs.openssh "ssh-keygen";
+              x509 = getExe' config.programs.gpg.package "gpgsm";
+            };
+          in mkIf (cfg.signing.format != null)
+          (mkOptionDefault defaultSigners.${cfg.signing.format});
        };

-        iniContent = let inherit (cfg.signing) format;
-        in {
-          user.signingKey = mkIf (cfg.signing.key != null) cfg.signing.key;
-          commit.gpgSign = mkDefault cfg.signing.signByDefault;
-          tag.gpgSign = mkDefault cfg.signing.signByDefault;
-          gpg = {
-            format = mkDefault format;
-            ${format}.program = cfg.signing.signer;
-          };
-        };
+        iniContent = mkMerge [
+          (mkIf (cfg.signing.key != null) {
+            user.signingKey = mkDefault cfg.signing.key;
+          })
+          (mkIf (cfg.signing.signByDefault != null) {
+            commit.gpgSign = mkDefault cfg.signing.signByDefault;
+            tag.gpgSign = mkDefault cfg.signing.signByDefault;
+          })
+          (mkIf (cfg.signing.format != null) {
+            gpg = {
+              format = mkDefault cfg.signing.format;
+              ${cfg.signing.format}.program = mkDefault cfg.signing.signer;
+            };
+          })
+        ];
      };
    })