authorKjetil Orbekk <kjetil.orbekk@gmail.com>2017-05-20 09:18:58 -0400
committerKjetil Orbekk <kjetil.orbekk@gmail.com>2017-05-20 09:21:00 -0400
commit252e8bdf5aa5d5e306a657a4cfb6700eab1dbe62 (patch)
tree2247cd65d9d9b0697fb7fecfa269cb2166903b6a /config
parent5a01692206bbc1181adff315a2bf8cb5a706a075 (diff)
yubikey: Provide ssh keys through gpg-agent.
Diffstat (limited to 'config')
-rw-r--r--config/yubikey.nix21
1 files changed, 21 insertions, 0 deletions
diff --git a/config/yubikey.nix b/config/yubikey.nix
index 0d3964c..275a645 100644
--- a/config/yubikey.nix
+++ b/config/yubikey.nix
@@ -15,4 +15,25 @@ in
services.pcscd.enable = true;
environment.systemPackages = yubikey-pkgs;
services.udev.packages = yubikey-pkgs;
+
+ # Use GPG agent instead.
+ programs.ssh.startAgent = false;
+
+ systemd.user.services.gpg-agent = {
+ path = [ pkgs.gnupg ];
+ description = "SSH Agent";
+ wantedBy = [ "default.target" ];
+ serviceConfig = {
+ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/gnupg/S.gpg-agent.ssh";
+ ExecStart =
+ "${pkgs.gnupg}/bin/gpg-agent --enable-ssh-support --daemon";
+ Type = "forking";
+ Restart = "on-failure";
+ };
+ };
+
+ environment.variables = {
+ SSH_AUTH_SOCK =
+ ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}/gnupg/S.gpg-agent.ssh'';
+ };
}
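Review bot: The `SSH_AUTH_SOCK` value at the end of the hunk hard-codes `<runtime dir>/gnupg/S.gpg-agent.ssh`, which only matches the agent when GnuPG uses its default home directory; with a non-default `GNUPGHOME` the agent listens in a different per-home socket directory and ssh would not find the YubiKey-backed key. The fallback also looks fragile: `\$` is not an escape in a Nix `''` string, so the backslash probably reaches the shell, and if the value is emitted inside double quotes `$(id -u)` would stay literal whenever `XDG_RUNTIME_DIR` is unset, which is worth confirming in a session without it. Asking GnuPG for the path avoids both problems, for example in `environment.extraInit`: `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"`. The `ExecStartPre` cleanup assumes the same `%t/gnupg` location and deserves a comment saying so, such as `# must match the socket path exported in SSH_AUTH_SOCK`. The enclosing attribute set opens above the hunk.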