Commit `55064cf8ccf1`

Vincent Demeester <vincent@sbr.pm>

2025-12-10 16:38:49

feat(git): Configure SSH allowed signers for commit verification

- Enable verification of SSH-signed commits from aomi and kyushu - Establish trust chain for commits signed with configured SSH keys - Complete SSH signing setup for secure commit authentication Signed-off-by: Vincent Demeester <vincent@sbr.pm>

main

1 parent 4b6099c

Changed files (1)

home

common

shell

git.nix

@@ -38,9 +38,14 @@ let
     "aomi"
     "kyushu"
   ];
+  # List of allowed SSH signing keys for git commit verification
+  allowedSigners = ''
+    vincent@aomi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJmTdMKYdgqpbQWBif58VBuwX+GqMGsMfB1ey1TKrM3
+    vincent@kyushu ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGHMa4rHuBbQQYv+8jvlkFCD2VYRGA4+5fnZAhLx8iDirzfEPqHB60UJWcDeixnJCUlpJjzFbS4crNOXhfCTCTE=
+  '';
 in
 {
-  xdg.configFile."git/allowed_signers".text = '''';
+  xdg.configFile."git/allowed_signers".text = allowedSigners;
   home.packages = with pkgs; [
     git-lfs
     gh

Commit 55064cf8ccf1

Commit `55064cf8ccf1`