Diffstat (limited to 'modules/yubikey.nix')
-rw-r--r-- | modules/yubikey.nix | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
new file mode 100644
index 0000000..971ac1f
--- /dev/null
+++ b/modules/yubikey.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.orbekk.yubikey;
+
+ yubikey-pkgs = with pkgs; [
+ ccid
+ libu2f-host
+ libusb
+ rng_tools
+ yubikey-manager
+ yubikey-personalization
+ gnupg
+ pinentry
+ ];
+in
+{
+ options = {
+ orbekk.yubikey = {
+ enable = lib.mkEnableOption "Enable yubikey config";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.pcscd.enable = true;
+ services.udev.packages = with pkgs; [
+ libu2f-host
+ yubikey-personalization
+ ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ # Use GPG agent instead.
+ programs.ssh.startAgent = lib.mkDefault false;
+
+ environment = {
+ systemPackages = yubikey-pkgs;
+ };
+
+ security.sudo.extraRules = [
+ {
+ groups = [ "wheel" ];
+ commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ];
+ }
+ ];
+
+ systemd.user.services.restart-pcscd = {
+ description = "Restart pcscd on startup";
+ wantedBy = [ "graphical-session.target" ];
+ partOf = [ "graphical-session.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ sudo systemctl restart pcscd
+ '';
+ Type = "oneshot";
+ };
+ };
+ };
+} |
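Review bot: The `restart-pcscd` user unit runs `sudo systemctl restart pcscd` by bare name, while the NOPASSWD rule in `security.sudo.extraRules` is pinned to `${pkgs.systemd}/bin/systemctl restart pcscd`; whether the two line up depends on how systemd and sudo resolve those names at runtime, and if they do not, sudo falls back to a password prompt that a oneshot unit with no terminal cannot answer. Spelling out both paths keeps the unit and the rule in step: `ExecStart = "/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart pcscd";`. The rule itself is narrowly scoped (one exact command with its arguments), but it deserves a comment such as `# wheel may restart pcscd without a password; used by the restart-pcscd user unit` so the passwordless grant is not mistaken for leftover config in a later audit. Separately, `lib.mkEnableOption "Enable yubikey config"` renders as "Whether to enable Enable yubikey config."; `"yubikey config"` reads better.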