author | lassulus <lassulus@lassul.us> | 2020-01-11 21:00:01 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2020-01-11 21:00:01 +0100 |
commit | 6b5c205e6b4d5e904bc3f0d0090ec0d9fcbdc0d9 (patch) | |
tree | 1e0e6c58dcde605f7caf266c4ec18d1c8352ce9c | |
parent | 9ff12837cd1f84e24a211f896a01a70602b09746 (diff) |
l yubikey: make more robust, add some hacks
-rw-r--r-- | lass/2configs/yubikey.nix | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix
index e6482c58c..9ab6b6ccb 100644
--- a/lass/2configs/yubikey.nix
+++ b/lass/2configs/yubikey.nix
@@ -2,16 +2,29 @@
 {
 environment.systemPackages = with pkgs; [
 yubikey-personalization
+ yubikey-manager
 ];
 services.udev.packages = with pkgs; [
 yubikey-personalization
 ];
 services.pcscd.enable = true;
+ systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ];
+
+ ##restart pcscd if yubikey is plugged in
+ #services.udev.extraRules = ''
+ # ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" ''
+ # ${pkgs.systemd}/bin/systemctl restart pcscd.service
+ # ''}"
+ #'';
 environment.shellInit = ''
- if [ "$UID" -eq 1337 ]; then
+ if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
 export GPG_TTY="$(tty)"
- gpg-connect-agent /bye
+ gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
 export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+ if [ -z "$SSH_AUTH_SOCK" ]; then
+ export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
+ fi
+
 fi
 '';
 
@@ -19,7 +32,7 @@
 ssh.startAgent = false;
 gnupg.agent = {
 enable = true;
- enableSSHSupport = true;
+ # enableSSHSupport = true;
 };
 };
 }
|
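Review bot: The `if [ -z "$SSH_AUTH_SOCK" ]` fallback added inside `environment.shellInit` can never run, because the line directly above it exports `SSH_AUTH_SOCK` as a non-empty hard-coded path. If the intent is to fall back when that socket is absent, test for the socket rather than the variable, `if [ ! -S "$SSH_AUTH_SOCK" ]; then`, and quote the substitution, `export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"`. As written, a session whose agent socket lives elsewhere is silently pointed at a path with no listener, so the hardware-backed key is not offered and ssh presumably falls back to whatever other credentials are configured. Since `> /dev/null` only discards stdout, a failing `gpg-connect-agent` still reports on stderr, which is worth keeping.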
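Review bot: The commented-out `# enableSSHSupport = true;` carries no explanation, so a later reader cannot tell whether SSH support through gpg-agent was dropped or moved elsewhere. From the first hunk it appears to have been replaced by the hand-written `systemd.user.sockets.gpg-agent-ssh.wantedBy` line and the `shellInit` block, which sets `SSH_AUTH_SOCK` only for UID 1337 outside SSH sessions. Either delete the line or record that, e.g. `# enableSSHSupport replaced by the gpg-agent-ssh socket unit and shellInit above (UID 1337, local sessions only)`. The enclosing attribute set starts outside the hunk.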