nixos/modules/hardware/gpgsmartcards.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / hardware / gpgsmartcards.nix

at 24.11-pre 1.3 kB view raw

 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4let
 5  # gnupg's manual describes how to setup ccid udev rules:
 6  #   https://www.gnupg.org/howtos/card-howto/en/ch02s03.html
 7  # gnupg folks advised me (https://dev.gnupg.org/T5409) to look at debian's rules:
 8  # https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/scdaemon.udev
 9
10  # the latest rev of the entire debian gnupg2 repo as of 2021-04-28
11  # the scdaemon.udev file was last committed on 2021-01-05 (7817a03):
12  scdaemonUdevRev = "01898735a015541e3ffb43c7245ac1e612f40836";
13
14  scdaemonRules = pkgs.fetchurl {
15    url = "https://salsa.debian.org/debian/gnupg2/-/raw/${scdaemonUdevRev}/debian/scdaemon.udev";
16    sha256 = "08v0vp6950bz7galvc92zdss89y9vcwbinmbfcdldy8x72w6rqr3";
17  };
18
19  # per debian's udev deb hook (https://man7.org/linux/man-pages/man1/dh_installudev.1.html)
20  destination = "60-scdaemon.rules";
21
22  scdaemonUdevRulesPkg = pkgs.runCommand "scdaemon-udev-rules" {} ''
23    loc="$out/lib/udev/rules.d/"
24    mkdir -p "''${loc}"
25    cp "${scdaemonRules}" "''${loc}/${destination}"
26  '';
27
28  cfg = config.hardware.gpgSmartcards;
29in {
30  options.hardware.gpgSmartcards = {
31    enable = mkEnableOption "udev rules for gnupg smart cards";
32  };
33
34  config = mkIf cfg.enable {
35    services.udev.packages = [ scdaemonUdevRulesPkg ];
36  };
37}