path: root/modules/yubikey.nix
authorKjetil Orbekk <kj@orbekk.com>2021-03-07 15:11:56 -0500
committerKjetil Orbekk <kj@orbekk.com>2021-03-07 15:11:56 -0500
commit78529ae2641e8645ee3459753819d0ecff655d86 (patch)
tree03f2f8e25ad0decd0f6dcd0a65664a8f7a90796a /modules/yubikey.nix
parent46e1d2a1552d4aaad676faf49cb0582515d62c86 (diff)
Refactor configs into modules
Diffstat (limited to 'modules/yubikey.nix')
-rw-r--r--modules/yubikey.nix60
1 files changed, 60 insertions, 0 deletions
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
new file mode 100644
index 0000000..971ac1f
--- /dev/null
+++ b/modules/yubikey.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.orbekk.yubikey;
+
+ yubikey-pkgs = with pkgs; [
+ ccid
+ libu2f-host
+ libusb
+ rng_tools
+ yubikey-manager
+ yubikey-personalization
+ gnupg
+ pinentry
+ ];
+in
+{
+ options = {
+ orbekk.yubikey = {
+ enable = lib.mkEnableOption "Enable yubikey config";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.pcscd.enable = true;
+ services.udev.packages = with pkgs; [
+ libu2f-host
+ yubikey-personalization
+ ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ # Use GPG agent instead.
+ programs.ssh.startAgent = lib.mkDefault false;
+
+ environment = {
+ systemPackages = yubikey-pkgs;
+ };
+
+ security.sudo.extraRules = [
+ {
+ groups = [ "wheel" ];
+ commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ];
+ }
+ ];
+
+ systemd.user.services.restart-pcscd = {
+ description = "Restart pcscd on startup";
+ wantedBy = [ "graphical-session.target" ];
+ partOf = [ "graphical-session.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ sudo systemctl restart pcscd
+ '';
+ Type = "oneshot";
+ };
+ };
+ };
+}
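Review bot: The user unit's `ExecStart` (`sudo systemctl restart pcscd`) invokes both `sudo` and `systemctl` by bare name, while the sudoers rule grants NOPASSWD only for the exact store path `${pkgs.systemd}/bin/systemctl restart pcscd`; whether this matches depends on the user session's PATH resolving `systemctl` to that same systemd output and on the setuid `/run/wrappers/bin/sudo` being on the unit's PATH, and because the unit is a `oneshot` with no `RemainAfterExit`, a password prompt or a missing wrapper just fails quietly at login. Pin both binaries so the grant and the call agree by construction: `ExecStart = "/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart pcscd";`. The NOPASSWD grant itself is narrow (fixed verb and unit, group `wheel` only), but the same effect can be had without a passwordless sudo path at all via a polkit rule allowing `wheel` to manage `pcscd.service`, or by expressing the dependency at the system level, which is worth considering before this pattern spreads to other modules. Please also add a comment above `restart-pcscd` stating why pcscd must be bounced at graphical login (presumably a pcscd/scdaemon card-access conflict, but the hunk does not say), e.g. `# pcscd is restarted at session start so the YubiKey is re-enumerated for gpg-agent/scdaemon; see <issue/link>`.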