authorEthel Morgan <eth@ethulhu.co.uk>2020-05-18 11:28:39 +0100
committerEthel Morgan <eth@ethulhu.co.uk>2020-05-18 11:28:39 +0100
commit320f870e99c9328e3e04d37dc86afc116f7412cb (patch)
tree45be5fbb235d1a3006cc04cb54a3bd189ab73596
parent3d313eb73640dc2782688f511dab7a70c7df20d0 (diff)
extract YubiKey setup to modules/yubikey.nix
-rw-r--r--module-list.nix1
-rw-r--r--modules/yubikey.nix47
2 files changed, 48 insertions, 0 deletions
diff --git a/module-list.nix b/module-list.nix
index 1fe33b7..3bb9ee3 100644
--- a/module-list.nix
+++ b/module-list.nix
@@ -1,3 +1,4 @@
[
./modules/keyboard.nix
+ ./modules/yubikey.nix
]
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
new file mode 100644
index 0000000..0c16807
--- /dev/null
+++ b/modules/yubikey.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.eth.yubikey;
+
+in {
+
+ options.eth.yubikey = {
+ enable = mkEnableOption "Set up Yubikey";
+ };
+
+ config = mkIf cfg.enable {
+
+ hardware.u2f.enable = true;
+
+ programs.ssh.startAgent = false;
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryFlavor = "curses";
+ };
+
+ services.pcscd.enable = true;
+
+ services.udev.packages = with pkgs; [
+ libu2f-host
+ yubikey-personalization
+ ];
+
+ environment.systemPackages = with pkgs; [
+ gnupg
+ pinentry-curses
+ ];
+
+ environment.shellInit = ''
+ gpg-connect-agent /bye
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+ '';
+ programs.fish.shellInit = ''
+ gpg-connect-agent /bye
+ set -Ux SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
+ '';
+
+ };
+}
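Review bot: In the `programs.fish.shellInit` block, `set -Ux SSH_AUTH_SOCK …` creates a universal variable, which fish persists in the user's variable store, so the gpg-agent socket path outlives the session and stays set even after `eth.yubikey.enable` is turned off. A session-scoped global export avoids that: `set -gx SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)`. Both init snippets also overwrite any existing `SSH_AUTH_SOCK` unconditionally and run for every shell, not only interactive ones; guarding on an empty value would preserve an agent socket that the session already provides. The NixOS `programs.gnupg.agent.enableSSHSupport` option may already export this variable, so it is worth checking whether the `environment.shellInit` lines are needed at all.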