From bc1691d01c712bf976653566471d36ee43a492b9 Mon Sep 17 00:00:00 2001
From: Elias Kohout
Date: Tue, 7 Apr 2026 17:08:12 +0200
Subject: [PATCH] adding yubikey func
---
 nixos/default.nix | 2 ++
 nixos/modules/system.nix | 2 +-
 nixos/modules/yubikey.nix | 22 ++++++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 nixos/modules/yubikey.nix
diff --git a/nixos/default.nix b/nixos/default.nix
index 3accded..ad31d06 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -5,6 +5,7 @@
 ./modules/system.nix
 ./modules/development.nix
 ./modules/shell.nix
+ ./modules/yubikey.nix
 ];
 # ============================================
@@ -17,6 +18,7 @@
 curl
 vim
 htop
+ home-manager
 ];
 # Allow unfree packages
diff --git a/nixos/modules/system.nix b/nixos/modules/system.nix
index dfdf6a3..b3f7535 100644
--- a/nixos/modules/system.nix
+++ b/nixos/modules/system.nix
@@ -12,7 +12,7 @@
 # Users
 users.users.eliaskohout = {
 isNormalUser = true;
- extraGroups = [ "wheel" "docker" ];
+ extraGroups = [ "wheel" "docker" "plugdev" ];
 shell = pkgs.zsh;
 };
diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix
new file mode 100644
index 0000000..12e6cc2
--- /dev/null
+++ b/nixos/modules/yubikey.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+ # Create the plugdev group (required for user-space USB access to YubiKey)
+ users.groups.plugdev = {};
+
+ # Enable PC/SC daemon — required for GPG smartcard (gpg --card-status) and YubiKey
+ services.pcscd.enable = true;
+
+ # udev rules so the YubiKey gets plugdev group ownership and correct permissions
+ services.udev.packages = with pkgs; [
+ yubikey-personalization
+ libu2f-host
+ ];
+
+ # YubiKey management tools
+ environment.systemPackages = with pkgs; [
+ yubikey-manager # ykman CLI
+ yubikey-personalization # ykpers / ykchalresp
+ yubico-piv-tool # PIV applet management
+ ];
+}
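Review bot: In the `nixos/modules/system.nix` hunk, `"plugdev"` is added to `extraGroups`, but the group itself is only declared in the new `nixos/modules/yubikey.nix`, so the two modules now depend on each other silently. Since `extraGroups` is a list option that merges across modules, the membership can live next to the group declaration: keep `extraGroups = [ "wheel" "docker" ];` here and add `users.users.eliaskohout.extraGroups = [ "plugdev" ];` in `yubikey.nix`. That way dropping the YubiKey import removes the group and the membership together. The rest of `system.nix` is outside the hunk, so other references to the group cannot be ruled out from here.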
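Review bot: In `nixos/modules/yubikey.nix`, the comment above `services.udev.packages` says the rules give the YubiKey `plugdev` group ownership, but the patch does not show what the packaged rules set, and group-based access applies to every session of a member, remote logins included, rather than only to the user at the local seat. Check the rules shipped by `yubikey-personalization` and `libu2f-host` in the pinned nixpkgs; if they already tag the device with `uaccess`, the `plugdev` group and the membership added in `system.nix` are probably unnecessary. `libu2f-host` is deprecated upstream in favour of libfido2, so confirm it still evaluates and is the intended source of the U2F rules. Once verified, the comment could read `# udev rules for YubiKey device nodes (access via uaccess or plugdev, per the packaged rules)`.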