feat(git): use soft secrets to handle email and signing key

flake.lock

@@ -61,10 +61,10 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1754865211,
+        "lastModified": 1754941966,
-        "narHash": "sha256-/J6DVTh9f2KXB9N6Dvdf/tZQjkwCzVNxztgNPl2wNVI=",
+        "narHash": "sha256-P+I9HIL6p+ySfsFR+3wQYOWouB3lXXeipMG7MYYWX9o=",
         "ref": "main",
-        "rev": "bb8073a0dc9ac1299e73c4a576bbd9e1314483e6",
+        "rev": "a1a559d8a00dbc4b00abd99f02f536c0f6027a32",
         "shallow": true,
         "type": "git",
         "url": "ssh://git@git.epha.se:24422/ephase/nix-private.git"

hosts/work/home-config.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, inputs, ... }: {
   config.modules = {
     application = {
       zathura.enable = true;
@@ -13,9 +13,8 @@
       ghq.enable = true;
       git = {
         enable = true;
-        userEmail = "ybarbanneau@sellsy.com";
+        userEmail = inputs.nix-private.git.work.userEmail;
-        signingKey = "6E1A834E282FBD98B48069444447A19BBEDB8DBA";
+        signingKey = inputs.nix-private.git.work.signingKey;
-        signByDefault = true;
       };
       k8s = {
         enable = true;

modules/home-manager/cli/git/default.nix

@@ -1,4 +1,4 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, inputs, ... }:
 with lib;
 let
   cfg = config.modules.cli.git;
@@ -15,19 +15,19 @@ in
 
     userEmail = mkOption {
       type = types.str;
-      default = "ephase@xieme-art.org";
+      default = inputs.nix-private.git.personal.userEmail;
       description = "git email";
     };
 
     signingKey = mkOption {
       type = types.nullOr types.str;
-      default = null;
+      default = inputs.nix-private.git.personal.signingKey;
       description = "signing key fingerprint";
     };
 
     signByDefault = mkOption {
       type = types.bool;
-      default = false;
+      default = true;
       description = "activate signing by default";
     };
   };