Fix the udev rule with yubikey

2022-01-12 10:35:23 +02:00 · 2022-01-12 10:35:23 +02:00 · e734d7d084
parent 7da1cb3caa
commit e734d7d084
1 changed files with 10 additions and 9 deletions
--- a/modules/yubikey/default.nix
+++ b/modules/yubikey/default.nix
@ -23,21 +23,21 @@ in
      ];
      extraRules = ''
        # Yubikey: create a symlink when key is plugged in, register this in systemd
-        # ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", SYMLINK+="yubikey", TAG+="systemd"
-        # Yubikey: create a device alias when key is plugged in, register this in systemd
-        ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0405", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/yubikey"
-
-        # Yubikey: unregister key when unplugged (bug in systemd/kernel, see https://github.com/systemd/systemd/issues/7587)
-        ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="1050/405/*", TAG+="systemd"
-        # Yubikey: grant access to group plugdev
-        ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", \
-          MODE="664", GROUP="wheel"
+        ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", TAG+="systemd", SYMLINK="yubikey"
      '';
    };
    # services.pcscd.enable = true;
    programs.ssh.startAgent = false;
    programs.gnupg.agent = {
+      # Note that this setting alone doesn't help with the pinentry bug. The
+      # pinentry is set as `--pinentry <something>`, but this is overriden when
+      # the first sighup comes along and the config is read. At that point
+      # gnupg forces the original pinentry, which no longer exists.
+      #
+      # A hacky fix is to use home-manager to write the pinentry path to the
+      # ~/.gnupg/gpg-agent.conf
      pinentryFlavor = "gnome3";
+
      enable = true;
      enableSSHSupport = true;
      enableExtraSocket = true;
@ -46,3 +46,4 @@ in
  };
 }

+