1
0
nixfiles/configuration/gpg-ssh/default.nix

41 lines
962 B
Nix

{ pkgs, lib, ... }:
{
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = lib.mkDefault pkgs.pinentry-curses;
};
environment.systemPackages = with pkgs; [
gnupg
yubikey-personalization
# Add wrapper around ssh that takes the gnupg ssh-agent
# instead of gnome-keyring
ssh-gpg
];
services.pcscd.enable = true;
# pcscd sometimes breaks and seem to need a manual restart
# so we allow users to restart that service themself
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (
action.id == "org.freedesktop.systemd1.manage-units"
&& action.lookup("unit") == "pcscd.service"
&& action.lookup("verb") == "restart"
&& subject.isInGroup("users")
) {
return polkit.Result.YES;
}
});
'';
services.udev.packages = with pkgs; [
yubikey-personalization
];
}