diff --git a/modules/yubikey/default.nix b/modules/yubikey/default.nix
index 02ab072..00082c1 100644
--- a/modules/yubikey/default.nix
+++ b/modules/yubikey/default.nix
@@ -23,21 +23,21 @@ in
 ];
 extraRules = ''
 # Yubikey: create a symlink when key is plugged in, register this in systemd
- # ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", SYMLINK+="yubikey", TAG+="systemd"
- # Yubikey: create a device alias when key is plugged in, register this in systemd
- ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0405", TAG+="systemd", ENV{SYSTEMD_ALIAS}="/dev/yubikey"
-
- # Yubikey: unregister key when unplugged (bug in systemd/kernel, see https://github.com/systemd/systemd/issues/7587)
- ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="1050/405/*", TAG+="systemd"
- # Yubikey: grant access to group plugdev
- ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", \
- MODE="664", GROUP="wheel"
+ ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", TAG+="systemd", SYMLINK="yubikey"
 '';
 };
 # services.pcscd.enable = true;
 programs.ssh.startAgent = false;
 programs.gnupg.agent = {
+ # Note that this setting alone doesn't help with the pinentry bug. The
+ # pinentry is set as `--pinentry `, but this is overriden when
+ # the first sighup comes along and the config is read. At that point
+ # gnupg forces the original pinentry, which no longer exists.
+ #
+ # A hacky fix is to use home-manager to write the pinentry path to the
+ # ~/.gnupg/gpg-agent.conf
 pinentryFlavor = "gnome3";
+ enable = true;
 enableSSHSupport = true;
 enableExtraSocket = true;
@@ -46,3 +46,4 @@ in
 };
 }
+
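Review bot: The rewritten udev rule on the added `ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|…|0410"` line uses `SYMLINK="yubikey"` (assignment) where the line it replaces used `SYMLINK+="yubikey"`, so it discards any symlink list earlier rules built for the same node, and because the rule carries no `SUBSYSTEM` match it fires for every node the key exposes (usb interfaces, hidraw), leaving `/dev/yubikey` pointing at whichever node udev handled last; prefer `SYMLINK+="yubikey"` and add a `SUBSYSTEM==` match that names the node you actually want linked. The removed `MODE="664", GROUP="wheel"` line is not carried over, so non-root access to the key now depends on rules outside this hunk (for example a udev package in the `];` list just above) — worth confirming, since gpg-agent's SSH support runs as the unprivileged user. In the new comment, "`--pinentry `" appears to have lost its argument and "overriden" should read "overridden"; a one-line pointer to where home-manager writes `~/.gnupg/gpg-agent.conf` would make the workaround reproducible. The `extraRules` string and the `programs.gnupg.agent` attribute set both continue outside the hunk.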