Compare commits
18 Commits
237939b0e8
...
4388cc6249
| Author | SHA1 | Date | |
|---|---|---|---|
| 4388cc6249 | |||
| bf211a91ef | |||
| 07d6dfa472 | |||
| 8ad339bd89 | |||
| 91b97f3720 | |||
| 35a3908476 | |||
| 8b2e483e6d | |||
| 952d27ae4c | |||
| a31d2a9465 | |||
| fae75df867 | |||
| 0639afdb50 | |||
| 80756cb5cf | |||
| cc382af4b4 | |||
| 89b46a6fc3 | |||
| d9cc001552 | |||
| 44c2f98280 | |||
| 0d6013b605 | |||
| bc1691d01c |
@@ -66,6 +66,7 @@
|
|||||||
services.gpg-agent = {
|
services.gpg-agent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableSshSupport = true;
|
enableSshSupport = true;
|
||||||
|
pinentry.package = pkgs.pinentry-curses; # terminal PIN prompt for YubiKey
|
||||||
};
|
};
|
||||||
|
|
||||||
# Allow unfree packages
|
# Allow unfree packages
|
||||||
|
|||||||
@@ -14,7 +14,7 @@
|
|||||||
save = 10000;
|
save = 10000;
|
||||||
};
|
};
|
||||||
|
|
||||||
initExtra = ''
|
initContent = ''
|
||||||
bindkey '^R' history-incremental-search-backward
|
bindkey '^R' history-incremental-search-backward
|
||||||
bindkey '^S' history-incremental-search-forward
|
bindkey '^S' history-incremental-search-forward
|
||||||
|
|
||||||
|
|||||||
@@ -5,6 +5,7 @@
|
|||||||
./modules/system.nix
|
./modules/system.nix
|
||||||
./modules/development.nix
|
./modules/development.nix
|
||||||
./modules/shell.nix
|
./modules/shell.nix
|
||||||
|
./modules/yubikey.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# ============================================
|
# ============================================
|
||||||
@@ -17,6 +18,8 @@
|
|||||||
curl
|
curl
|
||||||
vim
|
vim
|
||||||
htop
|
htop
|
||||||
|
home-manager
|
||||||
|
usbutils
|
||||||
];
|
];
|
||||||
|
|
||||||
# Allow unfree packages
|
# Allow unfree packages
|
||||||
|
|||||||
@@ -12,7 +12,7 @@
|
|||||||
# Users
|
# Users
|
||||||
users.users.eliaskohout = {
|
users.users.eliaskohout = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" "docker" ];
|
extraGroups = [ "wheel" "docker" "plugdev" ];
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
36
nixos/modules/yubikey.nix
Normal file
36
nixos/modules/yubikey.nix
Normal file
@@ -0,0 +1,36 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# Create the plugdev group (required for user-space USB access to YubiKey)
|
||||||
|
users.groups.plugdev = {};
|
||||||
|
|
||||||
|
# Enable PC/SC daemon — required for GPG smartcard (gpg --card-status) and YubiKey
|
||||||
|
services.pcscd.enable = true;
|
||||||
|
|
||||||
|
# udev rules so the YubiKey gets plugdev group ownership and correct permissions
|
||||||
|
services.udev.packages = with pkgs; [
|
||||||
|
yubikey-personalization
|
||||||
|
libu2f-host
|
||||||
|
];
|
||||||
|
|
||||||
|
# Give pcscd access to the YubiKey CCID USB interface (interface 1 on FIDO+CCID devices)
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", MODE="0666"
|
||||||
|
'';
|
||||||
|
|
||||||
|
# CCID driver for smartcard access
|
||||||
|
# NixOS's services.pcscd.plugins does not populate /var/lib/pcsc/drivers,
|
||||||
|
# so we symlink the ifd-ccid.bundle from the ccid package directly.
|
||||||
|
system.activationScripts.pcscdSetup = ''
|
||||||
|
mkdir -p /var/lib/pcsc/drivers
|
||||||
|
rm -rf /var/lib/pcsc/drivers/ifd-ccid.bundle 2>/dev/null || true
|
||||||
|
ln -sf "${pkgs.ccid}/pcsc/drivers/ifd-ccid.bundle" /var/lib/pcsc/drivers/ifd-ccid.bundle
|
||||||
|
'';
|
||||||
|
|
||||||
|
# YubiKey management tools
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
yubikey-manager # ykman CLI
|
||||||
|
yubikey-personalization # ykpers / ykchalresp
|
||||||
|
yubico-piv-tool # PIV applet management
|
||||||
|
];
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user