From f0caf9b5a14aafd1335af25250b2c3c4b0c8ad2a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 5 Mar 2023 15:58:28 +0100 Subject: [PATCH] gitea: re-enable serverside GPG signing --- hosts/flora-6/gitea.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/hosts/flora-6/gitea.nix b/hosts/flora-6/gitea.nix index 091be889..1783a879 100644 --- a/hosts/flora-6/gitea.nix +++ b/hosts/flora-6/gitea.nix @@ -38,11 +38,10 @@ FROM = ''"pub.solar git server" ''; USER = "admins@pub.solar"; }; - # currently broken, gpg core dumps - #"repository.signing" = { - # SIGNING_KEY = "default"; - # MERGES = "always"; - #}; + "repository.signing" = { + SIGNING_KEY = "default"; + MERGES = "always"; + }; openid = { ENABLE_OPENID_SIGNIN = true; ENABLE_OPENID_SIGNUP = true; @@ -54,10 +53,16 @@ }; }; + # See: https://docs.gitea.io/en-us/signing/#installing-and-generating-a-gpg-key-for-gitea # Required for gitea server side gpg signatures - # configured / setup manually in - # /var/lib/gitea/data/home/.gitconfig and + # configured/setup manually in: + # /var/lib/gitea/data/home/.gitconfig # /var/lib/gitea/data/home/.gnupg/ + # sudo su gitea + # export GNUPGHOME=/var/lib/gitea/data/home/.gnupg + # gpg --quick-gen-key 'pub.solar gitea ' ed25519 + # TODO: implement declarative GPG key generation and + # gitea gitconfig programs.gnupg.agent = { enable = true; pinentryFlavor = "curses";