author | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2017-05-20 09:18:58 -0400 |
---|---|---|
committer | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2017-05-20 09:21:00 -0400 |
commit | 252e8bdf5aa5d5e306a657a4cfb6700eab1dbe62 (patch) | |
tree | 2247cd65d9d9b0697fb7fecfa269cb2166903b6a /config/yubikey.nix | |
parent | 5a01692206bbc1181adff315a2bf8cb5a706a075 (diff) |
yubikey: Provide ssh keys through gpg-agent.
Diffstat (limited to 'config/yubikey.nix')
-rw-r--r-- | config/yubikey.nix | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/config/yubikey.nix b/config/yubikey.nix
index 0d3964c..275a645 100644
--- a/config/yubikey.nix
+++ b/config/yubikey.nix
@@ -15,4 +15,25 @@ in
 services.pcscd.enable = true;
 environment.systemPackages = yubikey-pkgs;
 services.udev.packages = yubikey-pkgs;
+
+ # Use GPG agent instead.
+ programs.ssh.startAgent = false;
+
+ systemd.user.services.gpg-agent = {
+ path = [ pkgs.gnupg ];
+ description = "SSH Agent";
+ wantedBy = [ "default.target" ];
+ serviceConfig = {
+ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/gnupg/S.gpg-agent.ssh";
+ ExecStart =
+ "${pkgs.gnupg}/bin/gpg-agent --enable-ssh-support --daemon";
+ Type = "forking";
+ Restart = "on-failure";
+ };
+ };
+
+ environment.variables = {
+ SSH_AUTH_SOCK =
+ ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}/gnupg/S.gpg-agent.ssh'';
+ };
 } |
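Review bot: The fallback in `SSH_AUTH_SOCK` looks like it never expands. Inside a Nix `''…''` string the backslash is literal, so the generated value carries `\$(id -u)`; if the variable is emitted as a double-quoted shell `export` (which I believe is how `environment.variables` is rendered, please confirm), a session without `XDG_RUNTIME_DIR` gets the literal path `/run/user/$(id -u)/gnupg/S.gpg-agent.ssh`. ssh then finds no agent and quietly falls back to whatever on-disk keys exist instead of the YubiKey-held key. Dropping the backslash and the inner quotes should fix it: `''''${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/gnupg/S.gpg-agent.ssh'';`. The socket path is also hard-coded twice (here and in `ExecStartPre`) and will diverge from the agent's real socket if `GNUPGHOME` is set, so a comment such as `# must match: gpgconf --list-dirs agent-ssh-socket` would help. The unit's `description = "SSH Agent"` would be clearer as `"GnuPG agent with SSH support"`, and note that the enclosing attribute set opens above this hunk.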