Add yubikey options
coded@clicks.codes owns 2 YubiKeys, I own 3. It's therefore important to
have YubiKey options. In particular, we need to install and configure
the following programs
- ykman: A good tool for configuring YubiKeys, it's what we use, at
least
- pcscd: A daemon required for ykman, we also use it with pgp by using
the disable-ccid option for its smartcard daemon
- scdaemon: The smartcard daemon used by pgp, interfaces with YubiKeys
for pgp smartcard operations. It uses either its own thing
(ccid) which conflicts with pcscd (and therefore ykman) or
pcscd. We want it to use pcscd
Change-Id: I237274c2c6362d3201a34828e34d55fdb9f35258
Reviewed-on: https://git.clicks.codes/c/Chimera/NixFiles/+/431
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/homes/x86_64-linux/coded@shorthair/default.nix b/homes/x86_64-linux/coded@shorthair/default.nix
index b5d89e7..e8695c9 100644
--- a/homes/x86_64-linux/coded@shorthair/default.nix
+++ b/homes/x86_64-linux/coded@shorthair/default.nix
@@ -106,9 +106,7 @@
};
};
- programs.gpg.scdaemonSettings = {
- disable-ccid = true;
- };
+ yubikey.enable = true;
programs.git.includes = [{
condition = "gitdir:~/programming/nix/frappix/";
diff --git a/homes/x86_64-linux/minion@greylag/default.nix b/homes/x86_64-linux/minion@greylag/default.nix
index 101a6bd..d2233fb 100644
--- a/homes/x86_64-linux/minion@greylag/default.nix
+++ b/homes/x86_64-linux/minion@greylag/default.nix
@@ -23,10 +23,6 @@
greylag
'';
- programs.gpg.scdaemonSettings = {
- reader-port = "Yubico Yubi";
- };
-
programs.git.extraConfig.alias = {
recommit = "!git commit --verbose -eF $(git rev-parse --git-dir)/COMMIT_EDITMSG";
graph = "log --graph --oneline --decorate";
@@ -149,6 +145,8 @@
minecraft.enable = true;
itch.enable = true;
};
+
+ yubikey.enable = true;
};
services.nextcloud-client = {
diff --git a/modules/home/gpg/default.nix b/modules/home/gpg/default.nix
index 9384c96..d4a4762 100644
--- a/modules/home/gpg/default.nix
+++ b/modules/home/gpg/default.nix
@@ -10,7 +10,15 @@
};
config = lib.mkIf config.chimera.gpg.enable {
- programs.gpg.enable = true;
+ programs.gpg = {
+ enable = true;
+
+ scdaemonSettings = lib.mkIf config.chimera.yubikey.enable {
+ reader-port = "Yubico Yubi";
+ disable-ccid = true;
+ };
+ };
+
services.gpg-agent = {
enable = true;
pinentryFlavor = "tty";
diff --git a/modules/home/yubikey/default.nix b/modules/home/yubikey/default.nix
new file mode 100644
index 0000000..f9c32e0
--- /dev/null
+++ b/modules/home/yubikey/default.nix
@@ -0,0 +1,5 @@
+{ config, lib, ... }: {
+ options = {
+ chimera.yubikey.enable = lib.mkEnableOption "Enable support for YuibKeys";
+ };
+}
diff --git a/modules/nixos/yubikey/default.nix b/modules/nixos/yubikey/default.nix
new file mode 100644
index 0000000..c3b7e12
--- /dev/null
+++ b/modules/nixos/yubikey/default.nix
@@ -0,0 +1,9 @@
+{ config, lib, ... }: {
+ options = {
+ chimera.yubikey.enable = lib.mkEnableOption "Enable support for YuibKeys";
+ };
+
+ config = lib.mkIf config.chimera.yubikey.enable {
+ services.pcscd.enable = true;
+ };
+}
diff --git a/result b/result
new file mode 120000
index 0000000..9e2494e
--- /dev/null
+++ b/result
@@ -0,0 +1 @@
+/nix/store/n40mk5rhj20fqxkxsv88vnvaabilyixa-nixos-system-greylag-24.05.20240228.9099616
\ No newline at end of file
diff --git a/systems/x86_64-linux/greylag/default.nix b/systems/x86_64-linux/greylag/default.nix
index ae93033..47a6400 100644
--- a/systems/x86_64-linux/greylag/default.nix
+++ b/systems/x86_64-linux/greylag/default.nix
@@ -12,5 +12,6 @@
./networking
./time
./users
+ ./yubikey
];
}
diff --git a/systems/x86_64-linux/greylag/yubikey/default.nix b/systems/x86_64-linux/greylag/yubikey/default.nix
new file mode 100644
index 0000000..5194cd7
--- /dev/null
+++ b/systems/x86_64-linux/greylag/yubikey/default.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+ chimera.yubikey.enable = true;
+}
diff --git a/systems/x86_64-linux/shorthair/default.nix b/systems/x86_64-linux/shorthair/default.nix
index ffb1dd0..a0106ab 100644
--- a/systems/x86_64-linux/shorthair/default.nix
+++ b/systems/x86_64-linux/shorthair/default.nix
@@ -10,5 +10,6 @@
./openrgb
./users
./time
+ ./yubikey
];
}
diff --git a/systems/x86_64-linux/shorthair/yubikey/default.nix b/systems/x86_64-linux/shorthair/yubikey/default.nix
new file mode 100644
index 0000000..5194cd7
--- /dev/null
+++ b/systems/x86_64-linux/shorthair/yubikey/default.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+ chimera.yubikey.enable = true;
+}