Make commit signing work on darwin

jeremystucki · Nov 6, 2024 · 2088820 · 2088820
1 parent b87e740
commit 2088820
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 18 deletions.
diff --git a/common/nixos-home-manager.nix b/common/nixos-home-manager.nix
@@ -1,8 +1,5 @@
 { pkgs, ... }:
 
-let
-  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9keparNqpev2qrDO3cAiDzyTUsAAN9Mh+JLbOsdiZs";
-in
 {
   imports = map (x: ../components + x) [
     /common-apps.nix
@@ -11,19 +8,4 @@ in
   ];
 
   home.homeDirectory = "/home/jeremy";
-
-  programs.git.extraConfig = {
-    commit.gpgsign = true;
-    user.signingkey = publicKey;
-    "gpg \"ssh\"".program = "${pkgs._1password-gui}/bin/op-ssh-sign";
-
-    gpg = {
-      format = "ssh";
-      ssh.allowedSignersFile = builtins.toFile "allowed_signers" ''
-        dev@jeremystucki.ch ${publicKey}
-        jeremy.stucki@valora.com ${publicKey}
-        jeremy.stucki@ost.ch ${publicKey}
-      '';
-    };
-  };
 }
diff --git a/components/git.nix b/components/git.nix
@@ -2,6 +2,7 @@
 
 let
   gitPackage = pkgs.git;
+  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9keparNqpev2qrDO3cAiDzyTUsAAN9Mh+JLbOsdiZs";
 in
 {
   home.shellAliases = {
@@ -58,6 +59,24 @@ in
         autosquash = true;
         updateRefs = true;
       };
+
+      commit.gpgsign = true;
+      user.signingkey = publicKey;
+
+      "gpg \"ssh\"".program =
+        if pkgs.stdenv.isDarwin then
+          "/Applications/1Password.app/Contents/MacOS/op-ssh-sig"
+        else
+          "${pkgs._1password-gui}/bin/op-ssh-sign";
+
+      gpg = {
+        format = "ssh";
+        ssh.allowedSignersFile = builtins.toFile "allowed_signers" ''
+          dev@jeremystucki.ch ${publicKey}
+          jeremy.stucki@valora.com ${publicKey}
+          jeremy.stucki@ost.ch ${publicKey}
+        '';
+      };
     };
 
     delta = {