From bea093f375c3782120955e3a8485f269243cd716 Mon Sep 17 00:00:00 2001
From: lassulus <lass@xerxes.r>
Date: Mon, 14 Oct 2019 15:11:43 +0200
Subject: [PATCH] l baseX: add yubikey config

---
 lass/2configs/baseX.nix   |  3 ++-
 lass/2configs/yubikey.nix | 25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 lass/2configs/yubikey.nix

diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix
index ecbb7541f..4cc42db2b 100644
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@@ -10,6 +10,7 @@ in {
     ./copyq.nix
     ./urxvt.nix
     ./xdg-open.nix
+    ./yubikey.nix
     {
       hardware.pulseaudio = {
         enable = true;
@@ -54,7 +55,7 @@ in {
   time.timeZone = "Europe/Berlin";
 
   programs.ssh.agentTimeout = "10m";
-  programs.ssh.startAgent = true;
+  programs.ssh.startAgent = false;
   services.openssh.forwardX11 = true;
 
   environment.systemPackages = with pkgs; [
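Review bot: `programs.ssh.agentTimeout = "10m"` on the context line just above the change appears to be left without effect once `startAgent` is false, since that option configures the OpenSSH agent this commit turns off. Key lifetime is then governed by gpg-agent's own settings (`default-cache-ttl-ssh` / `max-cache-ttl-ssh` in gpg-agent.conf), which nothing in this commit sets, so the 10-minute bound silently stops applying to keys added with ssh-add. Either drop the timeout line or mark it with a comment such as `# unused while gpg-agent provides the SSH agent, see yubikey.nix`. The same `ssh.startAgent = false` is also defined in the new yubikey.nix, so one of the two definitions is redundant. The surrounding attribute set starts and ends outside this hunk.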
diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix
new file mode 100644
index 000000000..e6482c58c
--- /dev/null
+++ b/lass/2configs/yubikey.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    yubikey-personalization
+  ];
+
+  services.udev.packages = with pkgs; [ yubikey-personalization ];
+  services.pcscd.enable = true;
+
+  environment.shellInit = ''
+    if [ "$UID" -eq 1337 ]; then
+      export GPG_TTY="$(tty)"
+      gpg-connect-agent /bye
+      export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+    fi
+  '';
+
+  programs = {
+    ssh.startAgent = false;
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+  };
+}
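Review bot: The `environment.shellInit` snippet runs `gpg-connect-agent /bye`, which only starts the agent and never tells it which terminal is current, so a PIN or passphrase prompt triggered by an SSH login can appear on the tty where the agent was first started rather than the one in use; `gpg-connect-agent updatestartuptty /bye >/dev/null` is the usual form. Because `shellInit` also runs for non-interactive shells, `$(tty)` there yields "not a tty" and that string is exported as `GPG_TTY`; moving the snippet to `environment.interactiveShellInit` avoids this. `SSH_AUTH_SOCK` is overwritten unconditionally with a hard-coded path, which replaces a forwarded agent socket inside SSH sessions; `[ -z "$SSH_AUTH_SOCK" ] && export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"` keeps an existing value and lets gpg report the path. The NixOS gnupg module with `enableSSHSupport = true` may already export these variables, which would make the block redundant, and the bare `1337` deserves a comment naming the account it stands for.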