From 886ac4eb36314d1be2cfdaf6549725aeb5a8b0fe Mon Sep 17 00:00:00 2001 From: Emma Thorpe Date: Tue, 16 Jun 2026 11:27:17 +0100 Subject: [PATCH] fix(git.nix): make personal signingkey a mkDefault git.nix and work.nix both define user.signingkey. They used to hold the same value, which types.str tolerates, but git.nix now sets the personal key while work.nix sets the work key, so the two plain definitions conflict on the EDaaS host. Mark git.nix's signingkey as mkDefault, mirroring user.email: personal hosts get the personal key, and work.nix's plain work-key definition wins on the work host. --- lyrathorpe/home/git.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/lyrathorpe/home/git.nix b/lyrathorpe/home/git.nix index 7300559..9300ecf 100644 --- a/lyrathorpe/home/git.nix +++ b/lyrathorpe/home/git.nix @@ -77,12 +77,14 @@ in cc = "!cz commit"; }; - # SSH commit signing on personal hosts too (the work module sets the same - # on the work host). mkDefault so a host without the key in its ssh-agent - # can override to false -- otherwise commits there would fail. Reuses the - # existing ssh key; a dedicated personal key can be swapped in later. + # SSH commit signing. This personal key is the default; the work module + # (work.nix) overrides it with the work key on the EDaaS host, the same way + # user.email is overridden -- so mkDefault here lets that plain definition + # win instead of conflicting. gpgsign is mkDefault too, so a host without + # the key in its ssh-agent can override it to false rather than fail every + # commit. gpg.format = "ssh"; - user.signingkey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDxHvdMTOzpFWUFMtCP7C/4tIOUO3GIO2QPvaifSnWH lyrathorpe@Lyra-MBA"; + user.signingkey = lib.mkDefault "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDxHvdMTOzpFWUFMtCP7C/4tIOUO3GIO2QPvaifSnWH lyrathorpe@Lyra-MBA"; commit.gpgsign = lib.mkDefault true; tag.gpgsign = lib.mkDefault true; };