From 320f870e99c9328e3e04d37dc86afc116f7412cb Mon Sep 17 00:00:00 2001
From: Ethel Morgan
Date: Mon, 18 May 2020 11:28:39 +0100
Subject: extract YubiKey setup to modules/yubikey.nix

---
 module-list.nix | 1 +
 modules/yubikey.nix | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 modules/yubikey.nix

diff --git a/module-list.nix b/module-list.nix
index 1fe33b7..3bb9ee3 100644
--- a/module-list.nix
+++ b/module-list.nix
@@ -1,3 +1,4 @@
 [
 ./modules/keyboard.nix
+ ./modules/yubikey.nix
 ]
diff --git a/modules/yubikey.nix b/modules/yubikey.nix
new file mode 100644
index 0000000..0c16807
--- /dev/null
+++ b/modules/yubikey.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.eth.yubikey;
+
+in {
+
+ options.eth.yubikey = {
+ enable = mkEnableOption "Set up Yubikey";
+ };
+
+ config = mkIf cfg.enable {
+
+ hardware.u2f.enable = true;
+
+ programs.ssh.startAgent = false;
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryFlavor = "curses";
+ };
+
+ services.pcscd.enable = true;
+
+ services.udev.packages = with pkgs; [
+ libu2f-host
+ yubikey-personalization
+ ];
+
+ environment.systemPackages = with pkgs; [
+ gnupg
+ pinentry-curses
+ ];
+
+ environment.shellInit = ''
+ gpg-connect-agent /bye
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+ '';
+ programs.fish.shellInit = ''
+ gpg-connect-agent /bye
+ set -Ux SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
+ '';
+
+ };
+}
--
cgit v1.2.3
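Review bot: The `environment.shellInit` block in the new modules/yubikey.nix exports `SSH_AUTH_SOCK` unconditionally for every user and every shell, so inside an SSH session to this machine a forwarded agent socket is replaced by the local gpg-agent one, and `gpg-connect-agent /bye` also runs for non-interactive shells. Guarding it, e.g. `[ -n "$SSH_CONNECTION" ] || export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"`, keeps a forwarded agent usable. In the fish block, `set -Ux` writes a universal variable that persists across sessions and can be shadowed by the inherited global value; `set -gx SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)` scopes it to the session. With `pinentryFlavor = "curses"` the agent also needs to know the current terminal and nothing in this file sets `GPG_TTY`; the NixOS gnupg module may already handle both this and the socket export when `enableSSHSupport` is on, which is worth confirming before keeping the duplicate.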