nixos/modules/hardware/gpgsmartcards.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / hardware / gpgsmartcards.nix

at 25.11-pre 1.3 kB view raw

 1{
 2  config,
 3  lib,
 4  pkgs,
 5  ...
 6}:
 7let
 8  # gnupg's manual describes how to setup ccid udev rules:
 9  #   https://www.gnupg.org/howtos/card-howto/en/ch02s03.html
10  # gnupg folks advised me (https://dev.gnupg.org/T5409) to look at debian's rules:
11  # https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/scdaemon.udev
12
13  # the latest rev of the entire debian gnupg2 repo as of 2021-04-28
14  # the scdaemon.udev file was last committed on 2021-01-05 (7817a03):
15  scdaemonUdevRev = "01898735a015541e3ffb43c7245ac1e612f40836";
16
17  scdaemonRules = pkgs.fetchurl {
18    url = "https://salsa.debian.org/debian/gnupg2/-/raw/${scdaemonUdevRev}/debian/scdaemon.udev";
19    sha256 = "08v0vp6950bz7galvc92zdss89y9vcwbinmbfcdldy8x72w6rqr3";
20  };
21
22  # per debian's udev deb hook (https://man7.org/linux/man-pages/man1/dh_installudev.1.html)
23  destination = "60-scdaemon.rules";
24
25  scdaemonUdevRulesPkg = pkgs.runCommand "scdaemon-udev-rules" { } ''
26    loc="$out/lib/udev/rules.d/"
27    mkdir -p "''${loc}"
28    cp "${scdaemonRules}" "''${loc}/${destination}"
29  '';
30
31  cfg = config.hardware.gpgSmartcards;
32in
33{
34  options.hardware.gpgSmartcards = {
35    enable = lib.mkEnableOption "udev rules for gnupg smart cards";
36  };
37
38  config = lib.mkIf cfg.enable {
39    services.udev.packages = [ scdaemonUdevRulesPkg ];
40  };
41}