feat(nix): add git and gnupg

fish/config.fish

@@ -31,7 +31,7 @@ set -gx PATH $PATH $HOME/.krew/bin
 set -gx FISH_KUBECTL_COMPLETION_COMPLETE_CRDS 0
 
 # Load ssh keys into ssh-agent
-load_keys
+#load_keys
 
 # Load env credentials
 if begin; test -f ~/.ssh/env-credentials;end

fish/functions/load_keys.fish

@@ -1,7 +1,7 @@
-function load_keys --description 'Load keys from .ssh folder starting with id_'
-  if status --is-login
-    for key in (ls $HOME/.ssh/id_* | grep -v pub)
-      ssh-add -q  $key
-    end
-  end
-end
+#function load_keys --description 'Load keys from .ssh folder starting with id_'
+#  if status --is-login
+#    for key in (ls $HOME/.ssh/id_* | grep -v pub)
+#      ssh-add -q  $key
+#    end
+#  end
+#end

nix/modules/nixos/suites/common/default.nix

@@ -14,8 +14,17 @@ in {
   };
 
   config = mkIf cfg.enable {
-    system.nix.enable = true;
-    system.security.doas.enable = false;
+    system = {
+      nix.enable = true;
+
+      fonts.enable = true;
+      locale.enable = true;
+      time.enable = true;
+      xkb.enable = true;
+
+      security.doas.enable = false;
+      security.gpg.enable = true;
+    };
 
     hardware.audio.enable = true;
     hardware.networking.enable = true;
@@ -26,12 +35,6 @@ in {
     # add sys custom build package
     environment.systemPackages = [pkgs.custom.sys];
 
-    system = {
-      fonts.enable = true;
-      locale.enable = true;
-      time.enable = true;
-      xkb.enable = true;
-    };
     custom.tools = {
       git.enable = true;
     };

nix/modules/nixos/system/security/gpg/default.nix

@@ -0,0 +1,70 @@
+{
+  options,
+  config,
+  pkgs,
+  lib,
+  inputs,
+  ...
+}:
+with lib;
+with lib.custom; let
+  cfg = config.system.security.gpg;
+
+  gpgConf = ''
+    use-agent
+    pinentry-mode loopback
+  '';
+
+  gpgAgentConf = ''
+    enable-ssh-support
+    default-cache-ttl 28800
+    max-cache-ttl 28800
+    allow-loopback-pinentry
+  '';
+in {
+  options.system.security.gpg = with types; {
+    enable = mkBoolOpt false "Whether or not to enable GPG.";
+    agentTimeout = mkOpt int 5 "The amount of time to wait before continuing with shell init.";
+  };
+
+  config = mkIf cfg.enable {
+    # NOTE: This should already have been added by programs.gpg, but
+    # keeping it here for now just in case.
+    environment.shellInit = ''
+      export GPG_TTY="$(tty)"
+      export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
+
+      ${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent
+      gpg_agent_timeout_status=$?
+
+      if [ "$gpg_agent_timeout_status" = 124 ]; then
+        # Command timed out...
+        echo "GPG Agent timed out..."
+        echo 'Run "gpgconf --launch gpg-agent" to try and launch it again.'
+      fi
+    '';
+
+    environment.systemPackages = with pkgs; [
+      gnupg
+      pinentry-curses
+      pinentry-qt
+    ];
+
+    programs = {
+      ssh.startAgent = false;
+
+      gnupg.agent = {
+        enable = true;
+        enableSSHSupport = true;
+        enableExtraSocket = true;
+      };
+    };
+
+    home.file = {
+      ".gnupg/.keep".text = "";
+
+      ".gnupg/gpg.conf".text = gpgConf;
+      ".gnupg/gpg-agent.conf".text = gpgAgentConf;
+    };
+  };
+}

nix/modules/nixos/system/security/keyring/default.nix

@@ -0,0 +1,22 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+with lib.custom; let
+  cfg = config.custom.security.keyring;
+in {
+  options.custom.security.keyring = with types; {
+    enable = mkBoolOpt false "Whether to enable gnome keyring.";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      gnome.gnome-keyring
+      gnome.libgnome-keyring
+    ];
+  };
+}

nix/modules/nixos/tools/git/default.nix

@@ -8,15 +8,15 @@
 with lib;
 with lib.custom; let
   cfg = config.custom.tools.git;
-  # gpg = config.custom.security.gpg;
+  gpg = config.system.security.gpg;
   user = config.custom.user;
 in {
   options.custom.tools.git = with types; {
     enable = mkBoolOpt false "Whether or not to install and configure git.";
     userName = mkOpt types.str user.fullName "The name to configure git with.";
     userEmail = mkOpt types.str user.email "The email to configure git with.";
     signingKey =
-      mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with.";
+      mkOpt types.str "7C43420F61CEC7FB" "The key ID to sign commits with.";
   };
 
   config = mkIf cfg.enable {
@@ -27,18 +27,37 @@ in {
         enable = true;
         inherit (cfg) userName userEmail;
         lfs = enabled;
-        # signing = {
-        #   key = cfg.signingKey;
-        #   signByDefault = mkIf gpg.enable true;
-        # };
+        signing = {
+          key = cfg.signingKey;
+          signByDefault = mkIf gpg.enable true;
+        };
         extraConfig = {
-          init = {defaultBranch = "main";};
+          init = {
+            defaultBranch = "master";
+            templatedir = "~/.git_template";
+            whitespace = "trailing-space,space-before-tab";
+          };
+          core = {
+            pager = "bat";
+          };
           pull = {rebase = true;};
           push = {autoSetupRemote = true;};
-          core = {whitespace = "trailing-space,space-before-tab";};
           safe = {
             directory = "${config.users.users.${user.name}.home}/work/config";
           };
+          merge = {
+            tool = "nvimdiff";
+            conflictstyle = "diff3";
+          };
+          diff = {
+            tool = "nvimdiff";
+          };
+          difftool = {
+            prompt = false;
+          };
+          mergetool = {
+            prompt = false;
+          };
         };
       };
     };