{
	secret,
	pkgs,
	...
}: {
	file = (pkgs.formats.gitIni { listsAsDuplicateKeys = true; }).generate "GitConfig" {
		gpg.format                 = secret.crypto.sign.git.format;
		gpg.ssh.allowedSignersFile = toString secret.crypto.sign.git.allowed;
		init.defaultBranch         = "main";
		pull.rebase                = true;
		push.autoSetupRemote       = true;
		rebase.autoStash           = true;
		safe.directory             = "*";
		user.signingkey            = builtins.readFile secret.crypto.sign.git.key;
	};
}