Clean up yubikey.nix: remove redundant udev rule and improve comments

2026-04-07 17:47:17 +02:00
parent 91b97f3720
commit 8ad339bd89
1 changed files with 4 additions and 7 deletions
--- a/nixos/modules/yubikey.nix
+++ b/nixos/modules/yubikey.nix
@@ -13,23 +13,20 @@
    libu2f-host
  ];

-  # Add udev rule for YubiKey CCID interface to be readable by pcscd
+  # Give pcscd access to the YubiKey CCID USB interface (interface 1 on FIDO+CCID devices)
  services.udev.extraRules = ''
-    # YubiKey FIDO+CCID (0x0406) - ensure CCID interface is accessible
    SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", MODE="0666"
-    SUBSYSTEM=="usb_device", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", MODE="0666"
  '';

-  # CCID driver for smartcard access (required for YubiKey CCID functionality)
-  # Set up the PC/SC drivers directory with CCID driver bundle
+  # CCID driver for smartcard access
+  # NixOS's services.pcscd.plugins does not populate /var/lib/pcsc/drivers,
+  # so we symlink the ifd-ccid.bundle from the ccid package directly.
  system.activationScripts.pcscdSetup = ''
    mkdir -p /var/lib/pcsc/drivers
-    # Symlink the entire CCID bundle (or create it if it doesn't exist)
    rm -rf /var/lib/pcsc/drivers/ifd-ccid.bundle 2>/dev/null || true
    ln -sf "${pkgs.ccid}/pcsc/drivers/ifd-ccid.bundle" /var/lib/pcsc/drivers/ifd-ccid.bundle
  '';

-
  # YubiKey management tools
  environment.systemPackages = with pkgs; [
    yubikey-manager          # ykman CLI