l yubikey: make more robust, add some hacks

2020-01-11 21:00:01 +01:00 · 2020-01-11 21:00:01 +01:00 · 6b5c205e6b
parent 9ff12837cd
commit 6b5c205e6b
1 changed files with 16 additions and 3 deletions
--- a/lass/2configs/yubikey.nix
+++ b/lass/2configs/yubikey.nix
@ -2,16 +2,29 @@
 {
  environment.systemPackages = with pkgs; [
    yubikey-personalization
+    yubikey-manager
  ];

  services.udev.packages = with pkgs; [ yubikey-personalization ];
  services.pcscd.enable = true;
+  systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ];
+
+  ##restart pcscd if yubikey is plugged in
+  #services.udev.extraRules = ''
+  #  ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" ''
+  #    ${pkgs.systemd}/bin/systemctl restart pcscd.service
+  #  ''}"
+  #'';

  environment.shellInit = ''
-    if [ "$UID" -eq 1337 ]; then
+    if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
      export GPG_TTY="$(tty)"
-      gpg-connect-agent /bye
+      gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
      export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+      if [ -z "$SSH_AUTH_SOCK" ]; then
+        export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
+      fi
+
    fi
  '';

@ -19,7 +32,7 @@
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
-      enableSSHSupport = true;
+      # enableSSHSupport = true;
    };
  };
 }