-rw-r--r--config/yubikey.nix18
1 files changed, 14 insertions, 4 deletions
diff --git a/config/yubikey.nix b/config/yubikey.nix
index 275a645..6275de0 100644
--- a/config/yubikey.nix
+++ b/config/yubikey.nix
@@ -13,7 +13,6 @@ let
in
{
services.pcscd.enable = true;
- environment.systemPackages = yubikey-pkgs;
services.udev.packages = yubikey-pkgs;
# Use GPG agent instead.
@@ -32,8 +31,19 @@ in
};
};
- environment.variables = {
- SSH_AUTH_SOCK =
- ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}/gnupg/S.gpg-agent.ssh'';
+ environment = {
+ systemPackages = yubikey-pkgs;
+
+ # Without this, the gpg-agent has no way to ask the user for a password
+ # when invoked from ssh.
+ # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851440
+ extraInit = ''
+ gpg-connect-agent updatestartuptty /bye
+ '';
+
+ variables = {
+ SSH_AUTH_SOCK =
+ ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}/gnupg/S.gpg-agent.ssh'';
+ };
};
}
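Review bot: The `extraInit` snippet runs `gpg-connect-agent updatestartuptty /bye` during global environment initialisation for every user and session, with its output unredirected and no check that a terminal is attached. gpg-connect-agent normally prints the agent's reply, so non-interactive logins (scp, rsync and similar) may receive stray output, and a session without a tty would, as far as I can tell, re-point the agent's startup terminal at something pinentry cannot use. I would guard and silence the call, e.g. `[ -t 0 ] && gpg-connect-agent updatestartuptty /bye >/dev/null 2>&1 || true`, and extend the comment with `# Note: the PIN prompt for ssh appears on the terminal that last ran this, not necessarily the one running ssh.` The enclosing attribute set opens outside this hunk.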