diff --git a/nix/configuration/roles/gpg/default.nix b/nix/configuration/roles/gpg/default.nix
index cb30de5..c6e07cd 100644
--- a/nix/configuration/roles/gpg/default.nix
+++ b/nix/configuration/roles/gpg/default.nix
@@ -13,9 +13,35 @@
 #
 # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
+ hardware.gpgSmartcards.enable = true;
+ services.udev.packages = [ pkgs.yubikey-personalization ];
+ services.pcscd.enable = true;
+ # services.gnome.gnome-keyring.enable = true;
+
+ # services.dbus.packages = [ pkgs.gcr ];
+
+ # services.pcscd.plugins = lib.mkForce [ ];
+
+ # programs.gpg.scdaemonSettings = {
+ # disable-ccid = true;
+ # };
+
+ # .gnupg/scdaemon.conf
+ home-manager.users.talexander =
+ { pkgs, ... }:
+ {
+ home.file.".gnupg/scdaemon.conf" = {
+ source = ./files/scdaemon.conf;
+ };
+ };
+
 programs.gnupg.agent = {
 enable = true;
 enableSSHSupport = true;
+ pinentryPackage = pkgs.pinentry-qt;
+ # settings = {
+ # disable-ccid = true;
+ # };
 };
 environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
@@ -32,4 +58,29 @@
 };
 };
+ # nixpkgs.overlays = [
+ # (final: prev: {
+ # pcsclite = prev.pcsclite.overrideAttrs (old: {
+ # postPatch = ''
+ # substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
+ # --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
+ # '';
+ # });
+ # })
+ # ];
+
+ # security.polkit.extraConfig = ''
+ # polkit.addRule(function(action, subject) {
+ # if (action.id == "org.debian.pcsc-lite.access_card") {
+ # return polkit.Result.YES;
+ # }
+ # });
+
+ # polkit.addRule(function(action, subject) {
+ # if (action.id == "org.debian.pcsc-lite.access_pcsc") {
+ # return polkit.Result.YES;
+ # }
+ # });
+ # '';
+
 }
diff --git a/nix/configuration/roles/gpg/files/scdaemon.conf b/nix/configuration/roles/gpg/files/scdaemon.conf
new file mode 100644
index 0000000..eb818dd
--- /dev/null
+++ b/nix/configuration/roles/gpg/files/scdaemon.conf
@@ -0,0 +1 @@
+disable-ccid
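Review bot: The `home.file.".gnupg/scdaemon.conf"` entry in the first hunk of `default.nix` ships `disable-ccid` with no stated reason (the one-line `files/scdaemon.conf` added at the end of the diff has the same gap), yet the setting only makes sense alongside `services.pcscd.enable = true`, since scdaemon's built-in CCID driver and pcscd otherwise compete for the reader. I would replace the `# .gnupg/scdaemon.conf` comment with `# pcscd owns the reader: turn off scdaemon's internal CCID driver so it uses PC/SC`. With that path chosen, `hardware.gpgSmartcards.enable` (which, as far as I know, installs udev rules for scdaemon's direct CCID access) may no longer be needed, and it is worth checking so that only one access path to the token stays open. The commented-out `gnome-keyring`, `gcr`, `pcscd.plugins`, `scdaemonSettings` and `settings` experiments should be removed before merge. The module's attribute set opens above this hunk, so whether `~/.gnupg` is already created with mode 0700 before home-manager links the file into it cannot be seen from here.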
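Review bot: The commented-out `security.polkit.extraConfig` block in the second hunk of `default.nix` returns `polkit.Result.YES` for `org.debian.pcsc-lite.access_card` and `org.debian.pcsc-lite.access_pcsc` without looking at `subject`, so if it is ever uncommented every local account and session gets access to the smartcard reader through pcscd. Either delete it together with the commented `pcsclite` overlay, or keep it with a guard such as `if (action.id == "org.debian.pcsc-lite.access_card" && subject.user == "talexander" && subject.active) {` so that re-enabling it does not silently widen access. If the overlay and rules stay as troubleshooting notes, a one-line comment naming the failure they worked around would make them reviewable. The only live line in this hunk is the module's closing `}`; the rest of the module body is outside it.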