From 140aaed3dffbe33bb8b2e0cf333c67f36765c85e Mon Sep 17 00:00:00 2001
From: Lily Foster <lily@lily.flowers>
Date: Mon, 29 Aug 2022 11:35:15 -0400
Subject: [PATCH] git: gpg sign tags with signing.signByDefault set

The `tag.gpgSign` config option was added in Git 2.23.0 and seems like
it should be set in addition to `commit.gpgSign` when
`programs.git.signing.signByDefault` is enabled
---
 modules/programs/git.nix                                       | 3 ++-
 tests/modules/programs/git/git-expected.conf                   | 3 +++
 .../modules/programs/git/git-with-signing-key-id-expected.conf | 3 +++
 .../programs/git/git-without-signing-key-id-expected.conf      | 3 +++
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/programs/git.nix b/modules/programs/git.nix
index 9b0d4c0d5..a833e2c37 100644
--- a/modules/programs/git.nix
+++ b/modules/programs/git.nix
@@ -73,7 +73,7 @@ let
       signByDefault = mkOption {
         type = types.bool;
         default = false;
-        description = "Whether commits should be signed by default.";
+        description = "Whether commits and tags should be signed by default.";
       };
 
       gpgPath = mkOption {
@@ -444,6 +444,7 @@ in {
       programs.git.iniContent = {
         user.signingKey = mkIf (cfg.signing.key != null) cfg.signing.key;
         commit.gpgSign = cfg.signing.signByDefault;
+        tag.gpgSign = cfg.signing.signByDefault;
         gpg.program = cfg.signing.gpgPath;
       };
     })
diff --git a/tests/modules/programs/git/git-expected.conf b/tests/modules/programs/git/git-expected.conf
index ce1b22edf..61e0a2cc5 100644
--- a/tests/modules/programs/git/git-expected.conf
+++ b/tests/modules/programs/git/git-expected.conf
@@ -43,6 +43,9 @@
 [interactive]
 	diffFilter = "@delta@/bin/delta --color-only"
 
+[tag]
+	gpgSign = true
+
 [user]
 	email = "user@example.org"
 	name = "John Doe"
diff --git a/tests/modules/programs/git/git-with-signing-key-id-expected.conf b/tests/modules/programs/git/git-with-signing-key-id-expected.conf
index 4a4289902..b26377aac 100644
--- a/tests/modules/programs/git/git-with-signing-key-id-expected.conf
+++ b/tests/modules/programs/git/git-with-signing-key-id-expected.conf
@@ -4,6 +4,9 @@
 [gpg]
 	program = "path-to-gpg"
 
+[tag]
+	gpgSign = true
+
 [user]
 	email = "user@example.org"
 	name = "John Doe"
diff --git a/tests/modules/programs/git/git-without-signing-key-id-expected.conf b/tests/modules/programs/git/git-without-signing-key-id-expected.conf
index 7564b3502..8c04aeda1 100644
--- a/tests/modules/programs/git/git-without-signing-key-id-expected.conf
+++ b/tests/modules/programs/git/git-without-signing-key-id-expected.conf
@@ -4,6 +4,9 @@
 [gpg]
 	program = "path-to-gpg"
 
+[tag]
+	gpgSign = true
+
 [user]
 	email = "user@example.org"
 	name = "John Doe"