path: root/nixos/modules/hardware/yubikey.nix
blob: 0c168076e561e837cdb5475271cef3dc1723673e (plain)
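# NixOS module: YubiKey support.
#
# Setting `eth.yubikey.enable = true` enables U2F device access, the PC/SC
# daemon, and gpg-agent with SSH support (with the OpenSSH agent turned off),
# installs the udev rules shipped by libu2f-host and yubikey-personalization,
# and points SSH_AUTH_SOCK at gpg-agent's SSH socket in POSIX shells and fish.
{ config, lib, pkgs, ... }:
with lib;

let
  cfg = config.eth.yubikey;

in {

  options.eth.yubikey = {
    # mkEnableOption prefixes its argument with "Whether to enable ", so the
    # text is a noun phrase rather than an imperative.
    enable = mkEnableOption "YubiKey support (U2F, PC/SC, gpg-agent as SSH agent)";
  };

  config = mkIf cfg.enable {

    # NOTE(review): `hardware.u2f` was dropped from later nixpkgs releases
    # (udev handles FIDO tokens natively there) -- confirm it exists on the
    # release this module targets.
    hardware.u2f.enable = true;

    # Only one agent should own SSH_AUTH_SOCK: the OpenSSH agent is disabled
    # because gpg-agent is enabled with SSH support below.
    programs.ssh.startAgent = false;

    programs.gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      # Terminal pinentry: the PIN prompt appears on a TTY, not in a GUI dialog.
      # NOTE(review): newer nixpkgs replaces `pinentryFlavor` with
      # `pinentryPackage` -- confirm against the targeted release.
      pinentryFlavor = "curses";
    };

    # PC/SC smart-card daemon.
    services.pcscd.enable = true;

    # udev rules shipped by these packages are added to the system rule set.
    services.udev.packages = with pkgs; [
      libu2f-host
      yubikey-personalization
    ];

    environment.systemPackages = with pkgs; [
      gnupg
      pinentry-curses
    ];

    # `gpg-connect-agent /bye` starts gpg-agent if it is not already running.
    # The export is unconditional, so any SSH_AUTH_SOCK inherited from the
    # environment (for example a forwarded agent in an SSH session) is
    # replaced by the local gpg-agent socket.
    # NOTE(review): with enableSSHSupport the upstream programs.gnupg.agent
    # module presumably already sets SSH_AUTH_SOCK (only when unset) and
    # refreshes the agent's TTY -- confirm whether this override is still needed.
    environment.shellInit = ''
      gpg-connect-agent /bye
      export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
    '';

    # Use a global exported variable (-gx), not a universal one (-Ux).
    # Universal variables are written to the user's fish variable store and
    # outlive this module: after disabling it, every fish session would still
    # hand SSH clients the gpg-agent socket path. A value persisted by an
    # earlier `set -Ux` remains in that store until the user erases it; the
    # global set here takes precedence over it.
    programs.fish.shellInit = ''
      gpg-connect-agent /bye
      set -gx SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
    '';

  };
}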