move various hardware configs around

author: Ethel Morgan <eth@ethulhu.co.uk> 2020-05-29 21:59:17 +0100
committer: Ethel Morgan <eth@ethulhu.co.uk> 2020-05-29 21:59:17 +0100
commit: 5111fcc4a49bcef1c336e03f5279d053bae3806c (patch)
tree: 9b4c4fb32baa690238a9d9965e5fc0690c0790d4 /nixos/modules/hardware/yubikey.nix
parent: 3fa100e7539e25e60d4094d43cb69ae663742556 (diff)
1 files changed, 47 insertions, 0 deletions
diff --git a/nixos/modules/hardware/yubikey.nix b/nixos/modules/hardware/yubikey.nix
new file mode 100644
index 0000000..0c16807
--- /dev/null
+++ b/nixos/modules/hardware/yubikey.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let 
+  cfg = config.eth.yubikey;
+
+in {
+
+  options.eth.yubikey = {
+    enable = mkEnableOption "Set up Yubikey";
+  };
+
+  config = mkIf cfg.enable {
+
+    hardware.u2f.enable = true;
+
+    programs.ssh.startAgent = false;
+
+    programs.gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+      pinentryFlavor = "curses";
+    };
+
+    services.pcscd.enable = true;
+
+    services.udev.packages = with pkgs; [
+      libu2f-host
+      yubikey-personalization
+    ];
+
+    environment.systemPackages = with pkgs; [
+      gnupg
+      pinentry-curses
+    ];
+
+    environment.shellInit = ''
+      gpg-connect-agent /bye
+      export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+    '';
+    programs.fish.shellInit = ''
+      gpg-connect-agent /bye
+      set -Ux SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
+    '';
+
+  };
+}
author	Ethel Morgan <eth@ethulhu.co.uk>	2020-05-29 21:59:17 +0100
committer	Ethel Morgan <eth@ethulhu.co.uk>	2020-05-29 21:59:17 +0100
commit	5111fcc4a49bcef1c336e03f5279d053bae3806c (patch)
tree	9b4c4fb32baa690238a9d9965e5fc0690c0790d4 /nixos/modules/hardware/yubikey.nix
parent	3fa100e7539e25e60d4094d43cb69ae663742556 (diff)