diff --git a/nix/configuration/roles/gpg/default.nix b/nix/configuration/roles/gpg/default.nix
index 760fd90..38dc3ca 100644
--- a/nix/configuration/roles/gpg/default.nix
+++ b/nix/configuration/roles/gpg/default.nix
@@ -15,7 +15,18 @@
 # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
 hardware.gpgSmartcards.enable = true;
- services.udev.packages = [ pkgs.yubikey-personalization ];
+ services.udev.packages = [
+ pkgs.yubikey-personalization
+ pkgs.libfido2
+ (pkgs.writeTextFile {
+ name = "my-rules";
+ text = ''
+ ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
+ '';
+ destination = "/etc/udev/rules.d/50-yubikey.rules";
+ })
+ ];
 services.pcscd.enable = true;
 # services.gnome.gnome-keyring.enable = true;
@@ -36,7 +47,7 @@
 };
 };
- programs.gnupg.dirmngr.enable = true;
+ # programs.gnupg.dirmngr.enable = true;
 programs.gnupg.agent = {
 enable = true;
 enableSSHSupport = true;
@@ -87,12 +98,15 @@
 environment.systemPackages = with pkgs; [
 pcsctools
+ yubikey-personalization
+ yubikey-manager
 ];
 # nixpkgs.overlays = [
 # (final: prev: {
 # gnupg = pkgs-unstable.gnupg;
 # scdaemon = pkgs-unstable.scdaemon;
+ # libgcrypt = pkgs-unstable.libgcrypt;
 # })
 # ];
@@ -108,4 +122,5 @@
 # })
 # ];
+ programs.gnupg.agent.enableExtraSocket = true;
 }
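Review bot: The two udev rules in the `text` block give every member of `wheel` read/write access to the token's raw USB node and its hidraw node (`GROUP="wheel"`, mode 660), which ties use of a hardware authenticator to the admin group rather than to the user at the local seat. The hidraw rule already carries `TAG+="uaccess"`, which normally grants the active local session an ACL on the node, so the group and mode look unnecessary there: `KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess"`. With `services.pcscd.enable = true` in the context lines, smartcard access presumably goes through pcscd, so the `SUBSYSTEM=="usb"` rule may not be needed at all; if it is, a dedicated group is a narrower grant than `wheel`. The rules shipped by `pkgs.yubikey-personalization` and `pkgs.libfido2` may already cover this device, which is worth checking before keeping a hand-written file. `name = "my-rules"` would also read better as something descriptive such as `yubikey-udev-rules`, and the two `MODE` values should use the same spelling.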
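Review bot: `# programs.gnupg.dirmngr.enable = true;` is left in the second hunk as commented-out code with no reason given, so a later reader cannot tell whether dirmngr was disabled on purpose or as a debugging step. The header comment earlier in the file shows a WKD lookup (`--auto-key-locate local,wkd`), and that path goes through dirmngr, so it matters whether lookups still work after this change. Either delete the line or replace it with a why-comment, for example `# dirmngr is started on demand by gpg; the socket-activated unit is not needed`, if that is the intent.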
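Review bot: `programs.gnupg.agent.enableExtraSocket = true;` in the last hunk is appended at the end of the module with no comment, away from the `programs.gnupg.agent = { ... }` attribute set whose opening lines appear in the second hunk (its body continues outside the hunks). The extra socket is gpg-agent's restricted socket, normally used to forward the agent to another machine, and a host holding the forwarded socket can ask the agent to sign or decrypt with the keys on the card. I would move it into the existing block as `enableExtraSocket = true;` and add a comment such as `# restricted socket for agent forwarding over SSH; forward only to hosts you trust`.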