From 0f3a5a541b73aa2adce87ff73649e3d88efbff51 Mon Sep 17 00:00:00 2001
From: Mike Priscella
Date: Sun, 15 Jun 2025 22:28:33 -0400
Subject: [PATCH 1/2] Add debug env var to disable automatic dotfile installation
---
 .devcontainer/devcontainer.json | 22 +++++-----------------
 install.sh | 8 ++++++++
 2 files changed, 13 insertions(+), 17 deletions(-)
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 5052775..486e81b 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -8,22 +8,10 @@
 // "DEBUG_DOTFILES": "true"
 // },
 "customizations": {
- "vscode": {
- "extensions": [
- "ms-azuretools.vscode-docker",
- "timonwong.shellcheck",
- "esbenp.prettier-vscode",
- "foxundermoon.shell-format",
- "sumneko.lua"
- ],
- "settings": {
- "Lua.diagnostics.globals": ["vim"]
- }
+ "settings": {
+ "dotfiles.repository": "",
+ "dotfiles.targetPath": "",
+ "dotfiles.installCommand": ""
 }
- },
- "features": {
- "ghcr.io/devcontainers/features/docker-in-docker:2": {},
- "ghcr.io/devcontainers/features/github-cli:1": {}
- },
- "remoteUser": "vscode"
+ }
 }
diff --git a/install.sh b/install.sh
index 1181cd5..f86f622 100755
--- a/install.sh
+++ b/install.sh
@@ -2,6 +2,14 @@
 set -e # Exit on any error
+# Check if dotfiles installation should be skipped
+if [[ "${DEBUG_DOTFILES:-}" == "true" ]]; then
+ echo "🚫 DEBUG_DOTFILES is set to 'true' - skipping dotfiles installation"
+ echo " This is useful for debugging devcontainer setups without installing dotfiles"
+ echo " To install dotfiles, unset DEBUG_DOTFILES or set it to 'false'"
+ exit 0
+fi
+
 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
From 45a32bb4bd008e97e90314ea13a5d744813ed1f9 Mon Sep 17 00:00:00 2001
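Review bot: The new `"settings"` object in .devcontainer/devcontainer.json sits directly under `"customizations"`, but the dev container spec keys `customizations` by tool, so the three `dotfiles.*` entries are probably ignored where they are; if they are meant for VS Code they belong under `"vscode": { "settings": { ... } }`. The same hunk also drops `"remoteUser": "vscode"` and both `features` entries, which the commit subject does not mention. Without `remoteUser` the container user falls back to whatever the image defines, which may be root (the image line is outside the hunk). If the removal is only for debugging, keep `"remoteUser": "vscode"` and record the reason in the commit message.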
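Review bot: The skip guard added to install.sh matches only the exact string `true`, so `DEBUG_DOTFILES=1` or `DEBUG_DOTFILES=TRUE` falls through and runs the whole installer without any message. Because the variable decides whether the installer runs at all, the contract should be stated above the guard, e.g. `# Only DEBUG_DOTFILES=true (lowercase) skips the install; any other value installs`. The name also reads as a verbosity switch rather than a skip switch; `SKIP_DOTFILES_INSTALL` would be clearer, with the commented-out entry in devcontainer.json renamed to match.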
From: Mike Priscella
Date: Sun, 15 Jun 2025 23:03:42 -0400
Subject: [PATCH 2/2] Add configs for gpg-signing git commits
---
 .config/home-manager/common.nix | 54 +++++++++++++++-
 .config/home-manager/hosts/default.nix | 2 +
 .config/home-manager/hosts/macbook-air.nix | 1 +
 .../home-manager/hosts/work-macbook-pro.nix | 1 +
 .../home-manager/modules/machine-config.nix | 7 ++
 .kshell.sh | 64 -------------------
 6 files changed, 64 insertions(+), 65 deletions(-)
 delete mode 100644 .kshell.sh
diff --git a/.config/home-manager/common.nix b/.config/home-manager/common.nix
index b0968eb..0965278 100644
--- a/.config/home-manager/common.nix
+++ b/.config/home-manager/common.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
+
+let
+ # Get GPG signing key from host configuration, with fallback
+ gpgSigningKey = config.myConfig.gpgSigningKey or null;
+in
 {
 home.packages = [
@@ -19,6 +24,7 @@
 pkgs.lazydocker
 pkgs.lazygit
 pkgs.neovim
+ pkgs.pinentry-curses # For GPG password prompts in terminal
 pkgs.ripgrep
 pkgs.tmux
 pkgs.yq
@@ -94,6 +100,11 @@
 hm = "home-manager";
 hms = "home-manager switch";
 hmb = "home-manager build --no-out-link";
+
+ # GPG aliases for easier key management
+ gpg-list = "gpg --list-secret-keys --keyid-format=long";
+ gpg-export = "gpg --armor --export";
+ gpg-restart = "gpg-connect-agent reloadagent /bye";
 };
 };
@@ -114,6 +125,10 @@
 init.defaultBranch = "main";
 pull.rebase = false;
 push.default = "simple";
+
+ # GPG signing configuration
+ commit.gpgsign = true;
+ tag.gpgsign = true;
 };
 aliases = {
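Review bot: `commit.gpgsign = true;` and `tag.gpgsign = true;` in the `@@ -114,6 +125,10 @@` hunk are set on every host, while the `signing` block added later in common.nix is applied only when `gpgSigningKey != null`. On a host that leaves the key null (hosts/default.nix does), git is still told to sign, so commits will either fail or be signed with whichever key gpg happens to match to the committer identity. Gate both settings on the same condition, e.g. `commit.gpgsign = gpgSigningKey != null;` and `tag.gpgsign = gpgSigningKey != null;`, or drop them if `signByDefault = true` already covers the signed case. The enclosing set (presumably the git `extraConfig`) opens above the hunk.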
@@ -148,6 +163,43 @@
 ".env"
 ".env.local"
 ];
+ } // lib.optionalAttrs (gpgSigningKey != null) {
+ signing = {
+ key = gpgSigningKey;
+ signByDefault = true;
+ };
+ };
+
+ # Configure GPG for commit signing
+ programs.gpg = {
+ enable = true;
+
+ # Configure GPG settings
+ settings = {
+ # Use agent for key management
+ use-agent = true;
+ # Default key preferences
+ personal-digest-preferences = "SHA512";
+ cert-digest-algo = "SHA512";
+ default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
+ };
+ };
+
+ # Configure GPG agent for automatic key management
+ services.gpg-agent = {
+ enable = true;
+
+ # Cache settings for convenience
+ defaultCacheTtl = 43200; # 12 hours (longer default)
+ maxCacheTtl = 86400; # 24 hours
+
+ # Enable SSH support (optional, useful for SSH key management)
+ enableSshSupport = false;
+
+ # Pin entry program for password prompts
+ pinentry = {
+ package = pkgs.pinentry-curses; # Use curses for terminal, or pkgs.pinentry-gtk2 for GUI
+ };
 };
 # Let Home Manager install and manage itself.
diff --git a/.config/home-manager/hosts/default.nix b/.config/home-manager/hosts/default.nix
index f533feb..2f1ff11 100644
--- a/.config/home-manager/hosts/default.nix
+++ b/.config/home-manager/hosts/default.nix
@@ -34,6 +34,8 @@ in
 # Custom configuration using our module
 myConfig = {
 configPath = "${homeDirectory}/.config/home-manager/hosts/default.nix";
+ # Default GPG key (optional - can be left null for no signing)
+ gpgSigningKey = null; # Set to your default key ID if desired
 };
 # Optional: Add some debug info to session variables
diff --git a/.config/home-manager/hosts/macbook-air.nix b/.config/home-manager/hosts/macbook-air.nix
index bf9a987..ce2fe17 100644
--- a/.config/home-manager/hosts/macbook-air.nix
+++ b/.config/home-manager/hosts/macbook-air.nix
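Review bot: `defaultCacheTtl = 43200` and `maxCacheTtl = 86400` in the `services.gpg-agent` block keep the signing key unlocked for 12 to 24 hours after one passphrase entry, so any process running as the user in that window can produce signed commits and tags. For a key whose purpose is to vouch for authorship, a shorter window is the safer default, e.g. `defaultCacheTtl = 1800;` and `maxCacheTtl = 7200;`, with the longer values as a per-host override. Separately, `default-preference-list` still advertises `CAST5`, a legacy 64-bit-block cipher that can be dropped from the list, and `use-agent` is a no-op on GnuPG 2.x.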
@@ -13,5 +13,6 @@
 # Custom configuration using our module
 myConfig = {
 configPath = "${config.home.homeDirectory}/.config/home-manager/hosts/macbook-air.nix";
+ gpgSigningKey = "PERSONAL_GPG_KEY_ID_HERE"; # Personal MacBook Air GPG key
 };
 }
diff --git a/.config/home-manager/hosts/work-macbook-pro.nix b/.config/home-manager/hosts/work-macbook-pro.nix
index 5be5cc6..89b4104 100644
--- a/.config/home-manager/hosts/work-macbook-pro.nix
+++ b/.config/home-manager/hosts/work-macbook-pro.nix
@@ -13,5 +13,6 @@
 # Custom configuration using our module
 myConfig = {
 configPath = "${config.home.homeDirectory}/.config/home-manager/hosts/work-macbook-pro.nix";
+ gpgSigningKey = "799887D03FE96FD0"; # Work-specific GPG key
 };
 }
diff --git a/.config/home-manager/modules/machine-config.nix b/.config/home-manager/modules/machine-config.nix
index a3ba73a..693326c 100644
--- a/.config/home-manager/modules/machine-config.nix
+++ b/.config/home-manager/modules/machine-config.nix
@@ -9,6 +9,13 @@ with lib;
 default = "${config.home.homeDirectory}/.config/home-manager/home.nix";
 description = "Path to the home-manager configuration file for this machine";
 };
+
+ gpgSigningKey = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "GPG key ID for signing git commits on this machine";
+ example = "ABC123DEF456";
+ };
 };
 config = {
diff --git a/.kshell.sh b/.kshell.sh
deleted file mode 100644
index e7b670f..0000000
--- a/.kshell.sh
+++ /dev/null
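Review bot: `gpgSigningKey = "PERSONAL_GPG_KEY_ID_HERE";` in hosts/macbook-air.nix is a non-null string, so common.nix will turn signing on with a key ID that gpg cannot resolve, and commits on that host will fail until it is replaced; leave it `null` until the real key exists. The option added in modules/machine-config.nix accepts any string, which is why the placeholder passes evaluation. Tightening it to `type = types.nullOr (types.strMatching "[0-9A-Fa-f]{16,40}");` would reject the placeholder at build time, and the `example` value `ABC123DEF456` would then need to become a valid-length ID. In hosts/work-macbook-pro.nix, prefer the full 40-character fingerprint over the 16-character long key ID so that key selection is unambiguous.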
@@ -1,64 +0,0 @@
-#!/bin/bash
-
-# Copy and paste this function into your .zshrc or .bashrc to use.
-
-# This function assumes the following:
-# 1. You have fzf (https://github.com/junegunn/fzf) installed
-# 2. You have kubectl installed
-# 3. Your helm managed deployments contain the label 'app.kubernetes.io/instance'
-# where the value is the name of the helm release
-# 4. Your active kubeconfig context is already pointing to the cluster
-# and namespace where your helm releases are installed
-
-# Usage:
-# $ kshell (reset|status)
-#
-# Passing "reset" as an argument will prompt you to choose a new helm release,
-# deploy, etc. Otherwise, kshell will remember your previous choices and
-# immediately open up a new shell prompt in your desired Kubernetes workload.
-
-#######################################
-# Opens interactive bash shell in a kubernetes deployment managed by Helm.
-# Globals:
-# KSHELL_RELEASE
-# KSHELL_DEPLOY
-# KSHELL_CONTAINER
-# Arguments:
-# None
-#######################################
-function kshell {
- if [[ (-z "$KSHELL_RELEASE" && -z "$KSHELL_DEPLOY" && -z "$KSHELL_CONTAINER") ]]; then
- configured=false
- else
- configured=true
- fi
-
- if [[ "$1" == "status" ]]; then
- if [[ "$configured" == true ]]; then
- echo "Helm Release: $KSHELL_RELEASE"
- echo "Deployment: $KSHELL_DEPLOY"
- echo "Container: $KSHELL_CONTAINER"
- else
- echo "kshell not configured yet."
- fi
-
- return
- fi
-
- if [[ "$configured" == false || ("$1" == "reset") ]]; then
- echo "Choose Helm release"
- release=$(helm list -q | fzf --height=30% --layout=reverse --border --margin=1 --padding=1)
- export KSHELL_RELEASE=$release
-
- echo "Choose deployment"
- deploy=$(kubectl get deploy -l "app.kubernetes.io/instance=$release" --sort-by=.metadata.creationTimestamp -o name | fzf --height=30% --layout=reverse --border --margin=1 --padding=1)
- export KSHELL_DEPLOY=$deploy
-
- echo "Choose container"
- containers=$(kubectl get "$deploy" -o jsonpath='{range .spec.template.spec.containers[*]}{.name}{"\n"}{end}')
- container=$(echo "$containers" | fzf --height=30% --layout=reverse --border --margin=1 --padding=1)
- export KSHELL_CONTAINER=$container
- fi
-
- kubectl exec -it "$deploy" -c "$container" -- bash
-}