{pkgs, ...}: {
  programs.git = {
    enable = true;
    lfs.enable = true;

    # 1. Update the signing configuration
    signing = {
      format = "ssh";
      key = "/home/user/.secrets/SSH/Aloria/id_ed25519";
      signByDefault = true;
    };

    settings = {
      alias = {
        s = "status";
        a = "add";
      };
      user = {
        name = "Thomas Avé";
        email = "email@thomasave.be";
      };

      # 2. Tell Git where your allowed_signers file is located
      gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";

      credentials.helper = "store";
      pull.rebase = false;
      push.autoSetupRemove = true;
      branch.autoSetupMerge = true;
      init.defaultBranch = "master";
      diff.noprefix = true;
      color.ui = "auto";
      core = {
        excludesfile = "~/.gitignore";
        editor = "${pkgs.neovim}/bin/nvim";
      };
      rerere.enabled = true;
    };

    ignores = [
      "*.direnv/"
      "*.nix/"
      "uv.lock"
      ".dmypy.json"
    ];
  };

  programs.lazygit = {
    enable = true;
    settings = {
      os = {
        editPreset = "nvim";
        autoStageResolvedConflicts = false;
      };
    };
  };

  # 3. Declaratively create the allowed_signers file (Assuming Home Manager)
  home.file.".ssh/allowed_signers".text = ''
    email@thomasave.be namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxMq4kubz4wWr4S8xU3GRkPcn6XRS3y7IP+qylN5QAp user@Aloria
  '';
}