Yubikey module
commit
7da1cb3caa
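--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,25 @@
+{
+"nodes": {
+"nixpkgs": {
+"locked": {
+"lastModified": 1637156900,
+"narHash": "sha256-nusyaSsL1RLyUEWufUUywDrGKMXw+4ugSSZ3ss8TSuw=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "12fc0f19fefa9dff68bc3e0938b815ab8d89df90",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"type": "indirect"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}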
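--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,8 @@
+{
+description = "Yubikey module";
+
+outputs = { self, nixpkgs }: {
+
+nixosModule = import ./modules/yubikey/default.nix;
+};
+}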
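--- a/modules/yubikey/default.nix
+++ b/modules/yubikey/default.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ...}:
+
+with lib;
+
+let
+
+cfg = config.programs.yubikey;
+
+in
+
+{
+options.programs.yubikey = {
+enable = mkEnableOption "Yubikey";
+};
+
+config = lib.mkIf cfg.enable {
+environment.systemPackages = with pkgs; [
+yubikey-personalization
+];
+services.udev = {
+packages = with pkgs; [
+yubikey-personalization
+];
+extraRules = ''
+# Yubikey: create a symlink when key is plugged in, register this in systemd
+# ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", SYMLINK+="yubikey", TAG+="systemd"
+# Yubikey: create a device alias when key is plugged in, register this in systemd
+ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0405", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/yubikey"
+
+# Yubikey: unregister key when unplugged (bug in systemd/kernel, see https://github.com/systemd/systemd/issues/7587)
+ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="1050/405/*", TAG+="systemd"
+# Yubikey: grant access to group plugdev
+ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", \
+MODE="664", GROUP="wheel"
+'';
+};
+# services.pcscd.enable = true;
+programs.ssh.startAgent = false;
+programs.gnupg.agent = {
+pinentryFlavor = "gnome3";
+enable = true;
+enableSSHSupport = true;
+enableExtraSocket = true;
+enableBrowserSocket = true;
+};
+};
+}
+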
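Review bot: The last udev rule in `extraRules` sets `MODE="664"`, which leaves the matched device nodes readable by every local account, and its comment says `plugdev` while the rule assigns `GROUP="wheel"`. Because the rule matches only on `ATTRS{idVendor}`/`ATTRS{idProduct}` with no `SUBSYSTEM` or `KERNEL` key, it applies to the USB device and to each child node under it. Consider `MODE="0660", GROUP="wheel"` with the comment corrected to name wheel, or drop the rule if the rules shipped through `services.udev.packages` already grant the seat user access (not visible here, worth checking). Separately, `enableExtraSocket` and `enableBrowserSocket` are switched on unconditionally; if agent forwarding and browser use are not required, leaving them at their defaults keeps fewer gpg-agent sockets exposed.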