me like nix
update allowed signers
author
Sean Aye
date
(Mar 22, 2026, 8:03 PM -0400)
commit
ef7a8990
ef7a89903bc484f13038bc8ad606e6b85218896b
parent
9b5d2694
9b5d2694e38d2ee73e90444419b3c2d37977caf6
change-id
mkrmtlsv
mkrmtlsvrkozusvztuprltxopuvvkttu
+11
+11
hosts/common/home.nix
+11
hosts/common/home.nix
···
400
400
email = "hello@seanaye.ca";
401
401
};
402
402
init.defaultBranch = "main";
403
+
commit.gpgSign = true;
404
+
gpg.format = "ssh";
405
+
user.signingKey = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOIgEteUEW06dnBHe2z8vNLwz2iMKe8bba6JgMmOUpcBAAAABHNzaDo= sean@framework16";
406
+
gpg.ssh.allowedSignersFile = "${config.home.homeDirectory}/.ssh/allowed_signers";
403
407
};
404
408
};
405
409
programs.jujutsu = {
···
414
418
behavior = "own";
415
419
backend = "ssh";
416
420
key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCIqgZ7kedxo+mOW7YG73Vp3zel3h180y3GKvHtRsXfGlpIIvRDy7pgCBQ4AGXYD4y78URQmFohYSAPqCPOPaWcU2un3XG9KvCzEsHmsbskPonitUmCiKvrKkb6oW4jCBtd7AEtBn+AiajAQFtPZ7NN2Df3AmTypvR6Irg7R+nxnfc9NTIHmGvxSDyWcbb4pguL20sctUSqGL6xGh8q/bqhdOThSimM+z9bEUNxK/5rPhwkNniMrp4pJcUrUiAh5/4DiRFG6KT+oeg+/myoz/Z1sPvAs7u/8JDQI4RshRD8Hu0oTkRBN6Hxj478q2SXbeBUZlD6IdjP3RhGpmSecoDdtWqKbpuV3eVRtQtba3KL86GBeV/bugaOdJ1Aud+1SOFJreAAuvxzMMKT+cdQZk6oOPP148DA/No+mDm/2S43lcdCXh79wA6YRAmKQ8jmZxTCtPutrvuZK1rguvvUlEoG/vhdNHh7eDa4Td07V6bjCRPUl8qk/e4M0E3pwsTlZc=";
421
+
backends.ssh.allowed-signers = "${config.home.homeDirectory}/.ssh/allowed_signers";
417
422
};
418
423
};
419
424
};
···
676
681
SUDO_EDITOR = "hx";
677
682
SSH_AUTH_SOCK = "${config.home.homeDirectory}/.1password/agent.sock";
678
683
};
684
+
685
+
# SSH allowed signers for commit signature verification
686
+
home.file.".ssh/allowed_signers".text = ''
687
+
hello@seanaye.ca ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCIqgZ7kedxo+mOW7YG73Vp3zel3h180y3GKvHtRsXfGlpIIvRDy7pgCBQ4AGXYD4y78URQmFohYSAPqCPOPaWcU2un3XG9KvCzEsHmsbskPonitUmCiKvrKkb6oW4jCBtd7AEtBn+AiajAQFtPZ7NN2Df3AmTypvR6Irg7R+nxnfc9NTIHmGvxSDyWcbb4pguL20sctUSqGL6xGh8q/bqhdOThSimM+z9bEUNxK/5rPhwkNniMrp4pJcUrUiAh5/4DiRFG6KT+oeg+/myoz/Z1sPvAs7u/8JDQI4RshRD8Hu0oTkRBN6Hxj478q2SXbeBUZlD6IdjP3RhGpmSecoDdtWqKbpuV3eVRtQtba3KL86GBeV/bugaOdJ1Aud+1SOFJreAAuvxzMMKT+cdQZk6oOPP148DA/No+mDm/2S43lcdCXh79wA6YRAmKQ8jmZxTCtPutrvuZK1rguvvUlEoG/vhdNHh7eDa4Td07V6bjCRPUl8qk/e4M0E3pwsTlZc=
688
+
hello@seanaye.ca sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOIgEteUEW06dnBHe2z8vNLwz2iMKe8bba6JgMmOUpcBAAAABHNzaDo= sean@framework16
689
+
'';
679
690
680
691
# Yubikey identity for agenix (not secret - just a reference to the hardware key)
681
692
home.file.".config/agenix/yubikey-identity.txt".text = ''