nil/modules/system/yubikey.nix


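# NixOS module: YubiKey as an OpenPGP smart card, with gpg-agent acting as the
# SSH agent.  Switched on with `my.system.yubikey.enable`; the graphical tools
# and the graphical pinentry are added only when `my.graphical.enable` is set.
{ config, lib, pkgs, user, ... }:
let
  inherit (lib) mkEnableOption mkIf optionals;

  this = config.my.system.yubikey;
  graphical = config.my.graphical;

  # Single choice of pinentry, reused for both the system-level flavor and the
  # per-user agent config so the two cannot drift apart.
  pinentryPkg = if graphical.enable then pkgs.pinentry-gnome else pkgs.pinentry-curses;
in
{
  options.my.system.yubikey.enable = mkEnableOption "Yubikey";

  config = mkIf this.enable {
    # udev rules so the key can be used without root.
    services.udev.packages = [ pkgs.yubikey-personalization ];

    # NOTE(review): ykman / yubioath-desktop reach the OATH and PIV applets
    # over CCID, which on Linux normally goes through pcscd; if those applets
    # are used, `services.pcscd.enable = true` is probably needed too — confirm.

    environment.shellInit = ''
      export GPG_TTY="$(tty)"
      # Make sure the agent is up before ssh asks it for keys.
      gpg-connect-agent /bye
      # Ask the agent where its SSH socket lives instead of hard-coding
      # /run/user/$UID/gnupg/S.gpg-agent.ssh: the query follows whatever
      # socket directory gpg-agent actually uses, and `$UID` is a bash/zsh
      # variable rather than a POSIX one, so the old path was wrong in
      # plain sh.
      export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
    '';

    programs = {
      # gpg-agent is the SSH agent; the OpenSSH agent must not start as well,
      # or the two compete for SSH_AUTH_SOCK.
      ssh.startAgent = false;
      gnupg.agent = {
        enable = true;
        enableSSHSupport = true;
        pinentryFlavor = if graphical.enable then "gnome3" else "curses";
      };
    };

    # PAM login with the key, left disabled.  With `control = "required"` a
    # lost or unplugged key locks every local login out (hence the "oh boy");
    # `control = "sufficient"` keeps the password path working and is the
    # safer first step if this is ever enabled.
    # security.pam = {
    #   yubico = {
    #     enable = true;
    #     mode = "challenge-response";
    #     control = "required"; # oh boy.
    #   };
    # };

    environment.systemPackages = [ pkgs.yubioath-desktop pkgs.pinentry-curses ]
      ++ optionals graphical.enable [ pkgs.pinentry-gnome ];

    home-manager.users.${user.name}.home = {
      packages = [ pkgs.yubikey-manager pkgs.yubikey-personalization ]
        ++ optionals graphical.enable [
          pkgs.yubikey-manager-qt
          pkgs.yubikey-personalization-gui
        ];

      # gpg-agent reads `~/.gnupg/gpg-agent.conf`; the file was previously
      # written as `gpg-agent.config`, a name the agent never looks at, so
      # this setting was silently ignored.
      # NOTE(review): this presumably duplicates what `pinentryFlavor` above
      # already configures system-wide — verify whether the per-user file is
      # still needed.
      file.".gnupg/gpg-agent.conf".text =
        "pinentry-program ${pinentryPkg}/bin/pinentry";
    };
  };
}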