Add gpg git signature to Veracode

home-manager/lcech-mac-veracode.nix

@@ -9,6 +9,9 @@ let
 
   zshSourceDirs = [ ];
 
+  gitUsername = "Lukas Cech";
+  gitEmail = "lcech@veracode.com";
+
 in
 {
   imports = [
@@ -41,6 +44,14 @@ in
       '';
     };
 
+    "${homedir}/.gnupg/gpg-agent.conf" = {
+      text = ''
+        default-cache-ttl 34560000
+        max-cache-ttl 34560000
+        pinentry-program ${pkgs.pinentry_mac}/bin/pinentry-mac
+      '';
+    };
+
     "${homedir}/.hammerspoon/hmSpoons/C3CWorkspace.spoon" = {
       source = ./hammerspoon/C3CWorkspace.spoon;
       recursive = true;
@@ -65,8 +76,8 @@ in
 
   programs.git = {
     enable = true;
-    userName = "Lukas Cech";
+    userName = gitUsername;
-    userEmail = "lcech@veracode.com";
+    userEmail = gitEmail;
 
     ignores = [
       ".vscode"
@@ -75,6 +86,11 @@ in
       ".envrc"
     ];
 
+    signing = {
+      signByDefault = true;
+      key = "5ABD6C5E";
+    };
+
     extraConfig = {
       core = {
         autocrlf = "input";
@@ -87,6 +103,24 @@ in
     };
   };
 
+  # Generate key wth gpg --full-gen-key
+  # Kind of key: 10 ECC sign only, curve 25519
+  # Real name: <username>
+  # Email address: <email>
+
+  # Add to git: gpg --list-secret-keys --keyid-format SHORT
+  # get the bit after the key kind and put it in the signing.key in git config above
+  # gpg --armor --export <KEY> and add to git account
+
+  programs.gpg = {
+    enable = true;
+    settings = {
+      use-agent = true;
+    };
+    mutableKeys = false;
+    publicKeys = [ ];
+  };
+
   programs.lsd = {
     enable = true;
     enableAliases = true;