author | Kjetil Orbekk <kj@orbekk.com> | 2021-03-07 15:11:56 -0500 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2021-03-07 15:11:56 -0500 |
commit | 78529ae2641e8645ee3459753819d0ecff655d86 (patch) | |
tree | 03f2f8e25ad0decd0f6dcd0a65664a8f7a90796a /modules/yubikey.nix | |
parent | 46e1d2a1552d4aaad676faf49cb0582515d62c86 (diff) |
Refactor configs into modules
Diffstat (limited to 'modules/yubikey.nix')
-rw-r--r-- | modules/yubikey.nix | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
new file mode 100644
index 0000000..971ac1f
--- /dev/null
+++ b/modules/yubikey.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.orbekk.yubikey;
+
+ yubikey-pkgs = with pkgs; [
+ ccid
+ libu2f-host
+ libusb
+ rng_tools
+ yubikey-manager
+ yubikey-personalization
+ gnupg
+ pinentry
+ ];
+in
+{
+ options = {
+ orbekk.yubikey = {
+ enable = lib.mkEnableOption "Enable yubikey config";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.pcscd.enable = true;
+ services.udev.packages = with pkgs; [
+ libu2f-host
+ yubikey-personalization
+ ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ # Use GPG agent instead.
+ programs.ssh.startAgent = lib.mkDefault false;
+
+ environment = {
+ systemPackages = yubikey-pkgs;
+ };
+
+ security.sudo.extraRules = [
+ {
+ groups = [ "wheel" ];
+ commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ];
+ }
+ ];
+
+ systemd.user.services.restart-pcscd = {
+ description = "Restart pcscd on startup";
+ wantedBy = [ "graphical-session.target" ];
+ partOf = [ "graphical-session.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ sudo systemctl restart pcscd
+ '';
+ Type = "oneshot";
+ };
+ };
+ };
+}
|
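Review bot: The `restart-pcscd` user service calls `sudo systemctl restart pcscd` with bare command names, while the NOPASSWD rule in `security.sudo.extraRules` is pinned to `${pkgs.systemd}/bin/systemctl`. The passwordless path therefore depends on both names resolving, inside the unit's environment, to that exact store binary; if they do not, sudo will presumably ask for a password that a oneshot unit without a terminal cannot supply, and the restart fails. Using the same absolute paths in the unit keeps the two in step: `ExecStart = "/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart pcscd";` (assuming the default NixOS wrapper directory). A comment above the sudoers rule, for example `# Passwordless only for this exact command so the user unit can restart pcscd at login; do not widen.`, would record why wheel gets a NOPASSWD entry at all.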