Added support for SSH and GPG
This commit is contained in:
parent
21b32771e1
commit
1cde473748
GPG key ID:
A4122FF3971B6865
|
|
@ -4,22 +4,62 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
services.udev.packages = [
|
services = {
|
||||||
pkgs.yubikey-personalization # A library and command line tool to personalize YubiKeys
|
udev = {
|
||||||
pkgs.libu2f-host # A C library and command-line tool that implements the host-side of the U2F protocol
|
packages = [
|
||||||
];
|
pkgs.yubikey-personalization # A library and command line tool to personalize YubiKeys
|
||||||
|
pkgs.libu2f-host # A C library and command-line tool that implements the host-side of the U2F protocol
|
||||||
services.pcscd.enable = true; # Enable PCSC-Lite daemon
|
];
|
||||||
|
extraRules = let
|
||||||
|
dependencies = with pkgs; [ coreutils gnupg gawk gnugrep ];
|
||||||
|
clearYubikey = pkgs.writeScript "clear-yubikey" ''
|
||||||
|
#!${pkgs.stdenv.shell}
|
||||||
|
export PATH=${pkgs.lib.makeBinPath dependencies};
|
||||||
|
keygrips=$(
|
||||||
|
gpg-connect-agent 'keyinfo --list' /bye 2>/dev/null \
|
||||||
|
| grep -v OK \
|
||||||
|
| awk '{if ($4 == "T") { print $3 ".key" }}')
|
||||||
|
for f in $keygrips; do
|
||||||
|
rm -v ~/.gnupg/private-keys-v1.d/$f
|
||||||
|
done
|
||||||
|
gpg --card-status 2>/dev/null 1>/dev/null || true
|
||||||
|
'';
|
||||||
|
clearYubikeyUser = pkgs.writeScript "clear-yubikey-user" ''
|
||||||
|
#!${pkgs.stdenv.shell}
|
||||||
|
${pkgs.sudo}/bin/sudo -u <your username> ${clearYubikey}
|
||||||
|
'';
|
||||||
|
in ''
|
||||||
|
ACTION=="add|change", SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407", RUN+="${clearYubikeyUser}"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
pcscd.enable = true; # Enable PCSC-Lite daemon
|
||||||
|
};
|
||||||
|
|
||||||
# Additional packages used with the Yubikey
|
# Additional packages used with the Yubikey
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [
|
||||||
|
gnupg # GNU Privacy Guard
|
||||||
|
pinentry_ncurses # GnuPG’s interface to passphrase input
|
||||||
|
paperkey # Store OpenPGP or GnuPG on paper
|
||||||
yubikey-manager # CLI tool for configuring any YubiKey over USB
|
yubikey-manager # CLI tool for configuring any YubiKey over USB
|
||||||
yubikey-manager-qt # Configure any YubiKey over USB interfaces
|
yubikey-manager-qt # Configure any YubiKey over USB interfaces
|
||||||
yubikey-personalization # Lib & CLI tool to personalize YubiKeys
|
yubikey-personalization # Lib & CLI tool to personalize YubiKeys
|
||||||
yubikey-personalization-gui # QT based utility to facilitate Yubikey reconfiguration
|
yubikey-personalization-gui # QT based utility to facilitate Yubikey reconfiguration
|
||||||
yubioath-desktop # Yubikey Desktop Authenticator
|
yubioath-desktop # Yubikey Desktop Authenticator
|
||||||
];
|
];
|
||||||
|
shellInit = ''
|
||||||
|
export GPG_TTY="$(tty)"
|
||||||
|
gpg-connect-agent /bye
|
||||||
|
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
ssh.startAgent = false; # Disable the SSH Agent
|
||||||
|
gnupg.agent = {
|
||||||
|
enable = true; # Enable GPG Agent
|
||||||
|
enableSSHSupport = true; # Enable SSH agent support in GnuPG agent
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue