git: set email from sops

.sops.yaml

@@ -1,10 +1,12 @@
 keys:
   - &users
-    - &john
-      - age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt
-      - age1l7e29a95nat4qm4yraxhg6n2lzefp6ppt9hrap0zf0pm08vnquws8amdmm
+    - &john age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt
+    - &john-work age1l7e29a95nat4qm4yraxhg6n2lzefp6ppt9hrap0zf0pm08vnquws8amdmm
 
 creation_rules:
   - path_regex: home/global/secrets.ya?ml$
     key_groups:
-      - age: *john
+      - age: *users
+  - path_regex: home/modules/tui/git/secrets.ya?ml$
+    key_groups:
+      - age: *users

home/modules/tui/default.nix

@@ -1,7 +1,7 @@
 { pkgs, ... }: {
   # Core CLI apps
 
-  imports = [ ./git.nix ./shell ./nix-index.nix ./neovim ./tmux.nix ];
+  imports = [ ./git ./shell ./nix-index.nix ./neovim ./tmux.nix ];
 
   home.packages = with pkgs; [
     age # Simple, modern and secure file encryption tool

home/modules/tui/git/default.nix

@@ -1,6 +1,7 @@
-{ lib, ... }:
-let email = lib.concatStringsSep "" [ "john@bo" "wdre.net" ];
-in {
+{ config, lib, ... }: {
+
+  sops = { secrets = { git-email = { sopsFile = ./secrets.yaml; }; }; };
+
   programs.git = {
     enable = lib.mkDefault true;
     delta.enable = true;
@@ -8,7 +9,6 @@ in {
       graph = "log --decorate --oneline --graph";
       fast-forward = "merge --ff-only";
     };
-    userEmail = lib.mkDefault email;
     userName = lib.mkDefault "John Bowdre";
     extraConfig = {
       gpg.format = "ssh";
@@ -17,4 +17,9 @@ in {
       user.signingKey = "~/.ssh/id_ed25519.pub";
     };
   };
+
+  programs.fish.shellInit = ''
+    set -x GIT_COMMITTER_EMAIL "$(cat ${config.sops.secrets.git-email.path})"
+  '';
+
 }

home/modules/tui/git/secrets.yaml

@@ -0,0 +1,30 @@
+git-email: ENC[AES256_GCM,data:fZhYwJR3UV9U4LzjCtCb,iv:Kqlk8lFNCgeMjMNuHJVheEFYpmdsl70CfftTYueDlIY=,tag:qaFksSIyiXojV3EE5vHCtw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1uspm4tsmv5tehenn23pahcahj49dzege7zqfeg9y36awmjsa5exqldhykt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVzJmZlMyMUNOVzBUWGRo
+            T0dkZDFqTklvWTJZZTRxak5NOHBMaXZOaDJnCkRwTVc0dUJJSHRMZy9hRm9JVFlR
+            Nys5ZGs2ZTVlYk43OFhwMExObnNZbTQKLS0tIHVtcHNjcjhuUDFXaFlaMmd5a0x0
+            am9RMzNjOURhZDMyVzFJTU1UcktoZHcKM2aZYHQWQ28f4Jyfg2r52ep5m5JNpFZa
+            fbKyYMDLYvZjn0+H+ZF+f3oUyk1llYlxqEhnAJrzLE8aOCECXlFjlw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1l7e29a95nat4qm4yraxhg6n2lzefp6ppt9hrap0zf0pm08vnquws8amdmm
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSWi9lVzZ5cEpZdVRVM0Zs
+            c2FKOXlXY0o0SGM5b3lLb0xSYmJVNlJhazNNCmdQN2RhTFdSOHcvbVBpVCtzc0tV
+            anhTNTVYekhIc0UzMm8wa05sRGlLQWcKLS0tIFA2UldrQnVwSjVncjVoWGVSd0RB
+            eWlYS2NaaVlJK2VmYTFsZkRzZE1JV28KdKN9ySEj6mt6caZOpDW658p3Hwqc4YYy
+            WY8lRHQHaYuAhVzC46Xos9LN2ZSyUtNB/BOUrhMGk0rNLZ2HYxU4Kg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-10T19:13:52Z"
+    mac: ENC[AES256_GCM,data:0W2fJu1Oohx7s0dM2U9zPnpvoGXA9t/BF0VmVnZwMKDj/DOsZ7DplIl7VRLUus21dX8SJZPRySrBumGRf9Ev8NqPqvgmHqMJ//rUQhQihJ2GiV9SLrfdfQ4iY/+2ChvFOdjlxMngiaUe0wFEl93YGILsWMPdIzZzBCrrRQ072f8=,iv:vwubY3+MX2HM/9E8x5Od4YpfhZ2obm9Rr+EBFjFIdNI=,tag:vU8gekxeCCnFO30f/kdc6A==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2