Diffstat (limited to 'config/yubikey.nix')
-rw-r--r-- | config/yubikey.nix | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/config/yubikey.nix b/config/yubikey.nix
index 20ed513..4565306 100644
--- a/config/yubikey.nix
+++ b/config/yubikey.nix
@@ -15,7 +15,7 @@ in { services.pcscd.enable = true; services.udev.packages = with pkgs; [ - libu2f-host + # libu2f-host yubikey-personalization ];
@@ -24,7 +24,7 @@ in enableSSHSupport = true; }; # Use GPG agent instead. - # programs.ssh.startAgent = false; + programs.ssh.startAgent = lib.mkDefault false; # systemd.user.services.gpg-agent = { # path = [ pkgs.gnupg ];
@@ -45,12 +45,18 @@ in environment = { systemPackages = yubikey-pkgs; + shellInit = '' + export GPG_TTY="$(tty)" + gpg-connect-agent /bye + export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" + ''; + # Without this, the gpg-agent has no way to ask the user for a password # when invoked from ssh. # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851440 - extraInit = '' - gpg-connect-agent updatestartuptty /bye - ''; + # extraInit = '' + # gpg-connect-agent updatestartuptty /bye + # ''; # variables = { # SSH_AUTH_SOCK = |
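Review bot: In the `@@ -24,7 +24,7 @@` hunk, `lib.mkDefault false` only sets a low-priority default, so any other module that sets `programs.ssh.startAgent = true` silently wins, while the `SSH_AUTH_SOCK` export added in the last hunk would still point at the gpg-agent socket. If this module is meant to own the SSH agent role, a plain `programs.ssh.startAgent = false;` makes such a conflict surface at evaluation time. Otherwise a comment such as `# mkDefault: hosts may opt back into ssh-agent` would record the intent next to the existing "Use GPG agent instead" line. `lib` also has to be among the module's arguments, which are outside the hunk.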
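Review bot: In the `@@ -45,12 +45,18 @@` hunk the new `shellInit` runs `gpg-connect-agent /bye`, which only starts the agent, while the `updatestartuptty` call that the retained comment describes as required for prompting under ssh is now commented out. Unless something outside this hunk still does it, the PIN or passphrase prompt for an SSH authentication may appear on a stale terminal or not at all; keeping it in the new block as `gpg-connect-agent updatestartuptty /bye >/dev/null` preserves the old behaviour. The socket path is also hard-coded and exported unconditionally, so it would be wrong for a non-default `GNUPGHOME` and would replace a forwarded agent socket inside SSH sessions; `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"` derives the path from GnuPG itself, and `$UID` may be unset if this snippet is sourced by a non-bash shell. `$(tty)` prints the string "not a tty" when stdin is not a terminal, so the block is probably best wrapped in a terminal check. The `environment` attribute set continues past the end of the hunk.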