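# Global configuration for yubikey-agent.
#
# NixOS module: installs yubikey-agent, enables the pcscd service it
# depends on, and exports SSH_AUTH_SOCK pointing at the agent's socket
# for login sessions that do not already have an agent configured.

{ config, lib, pkgs, ... }:

let
  # Explicit inherits instead of a file-wide `with lib;`, so every name
  # used below has a visible origin.
  inherit (lib) mkIf mkOption mkPackageOption types;

  cfg = config.services.yubikey-agent;

  # Pinentry program shared with the gnupg agent module; may be null.
  pinentry = config.programs.gnupg.agent.pinentryPackage;
in
{
  ###### interface

  meta.maintainers = with lib.maintainers; [ philandstuff rawkode jwoudenberg ];

  options = {

    services.yubikey-agent = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to start yubikey-agent when you log in. Also sets
          SSH_AUTH_SOCK to point at yubikey-agent.

          Note that yubikey-agent will use whatever pinentry is
          specified in programs.gnupg.agent.pinentryPackage.
        '';
      };

      package = mkPackageOption pkgs "yubikey-agent" { };
    };
  };

  ###### implementation

  config = mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];
    systemd.packages = [ cfg.package ];

    # This overrides the systemd user unit shipped with the
    # yubikey-agent package: it puts the configured pinentry on the
    # unit's PATH and pulls the unit into default.target.
    #
    # NOTE(review): the override, including wantedBy, is only emitted
    # when a pinentry package is set. With pinentryPackage = null this
    # module adds no wantedBy, while SSH_AUTH_SOCK is still exported
    # below; presumably the agent is then not started at login and the
    # variable points at a socket nobody listens on. Confirm that this
    # is intended.
    systemd.user.services.yubikey-agent = mkIf (pinentry != null) {
      path = [ pinentry ];
      wantedBy = [ "default.target" ];
    };

    # Yubikey-agent expects pcscd to be running in order to function.
    # Enabling this module therefore also turns on the system-wide
    # PC/SC daemon as a side effect.
    services.pcscd.enable = true;

    # Only fill in SSH_AUTH_SOCK when it is empty or unset, so an agent
    # socket that is already configured for the session is never
    # replaced, and only when XDG_RUNTIME_DIR is known, since the socket
    # path is built from it.
    #
    # The two conditions are separate `[ ]` tests joined with `&&`
    # rather than `-a`: POSIX marks `-a` as obsolescent and its parsing
    # is ambiguous for some operand values.
    environment.extraInit = ''
      if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]; then
        export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/yubikey-agent/yubikey-agent.sock"
      fi
    '';
  };
}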