l baseX: add yubikey config

2019-10-14 15:11:43 +02:00 · 2019-10-14 15:11:43 +02:00 · bea093f375
parent cae3d30b60
commit bea093f375
2 changed files with 27 additions and 1 deletions
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@ -10,6 +10,7 @@ in {
    ./copyq.nix
    ./urxvt.nix
    ./xdg-open.nix
+    ./yubikey.nix
    {
      hardware.pulseaudio = {
        enable = true;
@ -54,7 +55,7 @@ in {
  time.timeZone = "Europe/Berlin";

  programs.ssh.agentTimeout = "10m";
-  programs.ssh.startAgent = true;
+  programs.ssh.startAgent = false;
  services.openssh.forwardX11 = true;

  environment.systemPackages = with pkgs; [
--- a/lass/2configs/yubikey.nix
+++ b/lass/2configs/yubikey.nix
@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    yubikey-personalization
+  ];
+
+  services.udev.packages = with pkgs; [ yubikey-personalization ];
+  services.pcscd.enable = true;
+
+  environment.shellInit = ''
+    if [ "$UID" -eq 1337 ]; then
+      export GPG_TTY="$(tty)"
+      gpg-connect-agent /bye
+      export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+    fi
+  '';
+
+  programs = {
+    ssh.startAgent = false;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+}