# NixOS module: GnuPG with smartcard (OpenPGP card / YubiKey) support.
#
# What this module sets up:
#   * a GnuPG build with scdaemon's internal CCID driver disabled
#   * gpg-agent with SSH agent support and a curses pinentry as the default
#   * pcscd, plus a polkit rule that lets members of `users` restart it
#   * the udev rules shipped by yubikey-personalization
{ pkgs, lib, ... }:

let
  # GnuPG configured with --disable-ccid-driver so that scdaemon never tries
  # to use its own CCID driver. pcscd is enabled further down in this module.
  # The override changes the derivation, so expect this package to be built
  # locally rather than substituted.
  gnupgNoCcid = pkgs.gnupg.overrideAttrs (old: {
    configureFlags = old.configureFlags ++ [ "--disable-ccid-driver" ];
  });
in
{
  programs.gnupg = {
    # Use the same patched build for the agent module and for the CLI tools
    # in systemPackages, so both sides run without the internal CCID driver.
    package = gnupgNoCcid;

    agent = {
      enable = true;
      # gpg-agent also acts as the SSH agent.
      enableSSHSupport = true;
      # mkDefault: hosts that import this module can pick another pinentry.
      pinentryPackage = lib.mkDefault pkgs.pinentry-curses;
    };
  };

  environment.systemPackages = [
    gnupgNoCcid
    pkgs.yubikey-personalization
    pkgs.openpgp-card-tools

    # Wrapper around ssh that uses the gnupg ssh-agent instead of
    # gnome-keyring. Not defined in this file; presumably provided by an
    # overlay elsewhere in the configuration.
    pkgs.ssh-gpg
  ];

  services.pcscd.enable = true;

  # pcscd sometimes breaks and seems to need a manual restart, so users are
  # allowed to restart that service themselves without authentication.
  #
  # Scope of the rule: it matches only the systemd manage-units action, only
  # the unit pcscd.service, only the verb "restart", and only subjects in the
  # group `users`. Everything else falls through to the default polkit policy.
  #
  # NOTE(review): the rule does not look at subject.local / subject.active,
  # so every member of `users` gets this, including non-interactive or remote
  # sessions. A restart interrupts smartcard operations that are in flight.
  # If only people at the console need it, consider a dedicated group or an
  # additional local/active check.
  security.polkit.extraConfig = ''
    polkit.addRule(function(action, subject) {
      if (
        action.id == "org.freedesktop.systemd1.manage-units"
        && action.lookup("unit") == "pcscd.service"
        && action.lookup("verb") == "restart"
        && subject.isInGroup("users")
      ) {
        return polkit.Result.YES;
      }
    });
  '';

  # Install the udev rules that ship with yubikey-personalization.
  services.udev.packages = [ pkgs.yubikey-personalization ];
}