From 252e8bdf5aa5d5e306a657a4cfb6700eab1dbe62 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sat, 20 May 2017 09:18:58 -0400
Subject: yubikey: Provide ssh keys through gpg-agent.
---
 config/yubikey.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'config/yubikey.nix')
diff --git a/config/yubikey.nix b/config/yubikey.nix
index 0d3964c..275a645 100644
--- a/config/yubikey.nix
+++ b/config/yubikey.nix
@@ -15,4 +15,25 @@ in
 services.pcscd.enable = true;
 environment.systemPackages = yubikey-pkgs;
 services.udev.packages = yubikey-pkgs;
+
+ # Use GPG agent instead.
+ programs.ssh.startAgent = false;
+
+ systemd.user.services.gpg-agent = {
+ path = [ pkgs.gnupg ];
+ description = "SSH Agent";
+ wantedBy = [ "default.target" ];
+ serviceConfig = {
+ ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/gnupg/S.gpg-agent.ssh";
+ ExecStart =
+ "${pkgs.gnupg}/bin/gpg-agent --enable-ssh-support --daemon";
+ Type = "forking";
+ Restart = "on-failure";
+ };
+ };
+
+ environment.variables = {
+ SSH_AUTH_SOCK =
+ ''''${XDG_RUNTIME_DIR:-"/run/user/\$(id -u)"}/gnupg/S.gpg-agent.ssh'';
+ };
 }
-- 
cgit v1.2.3
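Review bot: The SSH socket path is written out twice, in `ExecStartPre` (`%t/gnupg/S.gpg-agent.ssh`) and in `SSH_AUTH_SOCK`, and both assume gpg-agent places its socket under the runtime directory; gpg-agent picks that location itself, and as far as I know it can differ with an older GnuPG or a non-default `GNUPGHOME`, in which case ssh clients would be pointed at a socket that does not exist. A comment above `environment.variables` such as `# Must match "gpgconf --list-dirs agent-ssh-socket"; keep in sync with ExecStartPre.` would record that assumption. On the same assignment, a backslash is not an escape inside a Nix `''` string, so `\$(id -u)` reaches the shell with the backslash and the fallback is probably not expanded when `XDG_RUNTIME_DIR` is unset; dropping it (`/run/user/$(id -u)`) looks like the intent, but confirm against how `environment.variables` is emitted. `description = "SSH Agent"` would also read more accurately as `description = "GnuPG agent with SSH support";`. The enclosing attribute set starts above the hunk, so this is judged from the visible lines only.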