l yubikey: make more robust, add some hacks

This commit is contained in:
lassulus 2020-01-11 21:00:01 +01:00
parent 9ff12837cd
commit 6b5c205e6b

View File

@ -2,16 +2,29 @@
{
environment.systemPackages = with pkgs; [
yubikey-personalization
yubikey-manager
];
services.udev.packages = with pkgs; [ yubikey-personalization ];
services.pcscd.enable = true;
systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ];
##restart pcscd if yubikey is plugged in
#services.udev.extraRules = ''
# ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" ''
# ${pkgs.systemd}/bin/systemctl restart pcscd.service
# ''}"
#'';
environment.shellInit = ''
if [ "$UID" -eq 1337 ]; then
if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
if [ -z "$SSH_AUTH_SOCK" ]; then
export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
fi
fi
'';
@ -19,7 +32,7 @@
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
# enableSSHSupport = true;
};
};
}