Home Gen7 @ 2025-10-08-14:51 by admin-jroeger@T14-OE130-7-ubuntu

2025-10-08 14:51:50 +02:00
parent b30a811d6c
commit 5532a99dd4
3 changed files with 32 additions and 15 deletions
--- a/modules/home/yubikey.nix
+++ b/modules/home/yubikey.nix
@@ -13,6 +13,7 @@ in {
      default = "qt";
      description = "The pinentry flavour to use";
    };
+    withCCID = mkEnableOption "Use stand-aline CCID (instead of a running pcscd service)";
  };

  config = lib.mkIf cfg.enable {
@@ -26,17 +27,33 @@ in {
          trust = "ultimate";
        }
      ];
+      scdaemonSettings = {
+        disable-ccid = !cfg.withCCID;
+      };
+    };
+    services.gpg-agent = {
+      enable = true;
+      enableSshSupport = true;
+      enableZshIntegration = true;
+      pinentry =
+        if cfg.pinentry == "gnome3"
+        then {
+          package = pkgs.pinentry-gnome3;
+          program = "pinentry-gnome3";
+        }
+        else if cfg.pinentry == "qt"
+        then {
+          package = pkgs.pinentry-qt;
+          program = "pinentry-qt";
+        }
+        else {};
+      sshKeys = [config.programs.git.signing.key];
+    };
+    home.sessionVariables = {
+      SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh";
+    };
+    systemd.user.settings.Manager.DefaultEnvironment = {
+      SSH_AUTH_SOCK = "/run/user/%U/gnupg/S.gpg-agent.ssh";
    };
-    # services.gpg-agent = {
-    #   enable = true;
-    #   enableSshSupport = true;
-    #   enableZshIntegration = true;
-    # };
-    # home.sessionVariables = {
-    #   SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh";
-    # };
-    # systemd.user.settings.Manager.DefaultEnvironment = lib.mapAttrs (_: lib.mkDefault) {
-    #   SSH_AUTH_SOCK = "/run/user/%U/gnupg/S.gpg-agent.ssh";
-    # };
  };
 }