diff --git a/SwarselSystems.org b/SwarselSystems.org index 78392c9..ea4c228 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -10738,7 +10738,7 @@ Also, since I use a GPG key in sops, it seems that scdaemon creates an instance config = lib.mkIf config.swarselmodules.yubikey { programs.ssh.startAgent = false; - services.pcscd.enable = false; + services.pcscd.enable = true; hardware.gpgSmartcards.enable = true; 
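Review bot: Turning on `services.pcscd.enable = true` is only coherent together with the `disable-ccid` scdaemon setting, but the two sit behind different toggles. This line is gated on `swarselmodules.yubikey`, while `disable-ccid` is added under `swarselmodules.gpgagent` in `modules/home/common/gpg-agent.nix`. A host that enables the first without the second, or a scdaemon started outside that home profile (the section heading mentions an instance created when sops uses the GPG key, presumably under another user), would likely still have scdaemon's built-in CCID driver competing with pcscd for the token. I would record the dependency next to the option, e.g. `# pcscd owns the reader; scdaemon must set disable-ccid (see modules/home/common/gpg-agent.nix)`, and consider an assertion tying the two options together. The same line changes in `modules/nixos/client/hardwarecompatibility-yubikey.nix`, and the module body continues outside the hunk.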
@@ -25620,61 +25620,64 @@ When setting up a new machine: #+end_src #+begin_src nix-ts :tangle modules/home/common/gpg-agent.nix - { self, lib, config, pkgs, ... }: - let - inherit (config.swarselsystems) mainUser homeDir; - in - { - options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings"; - config = lib.mkIf config.swarselmodules.gpgagent { - services.gpg-agent = { - enable = true; - verbose = true; - enableZshIntegration = true; - enableScDaemon = true; - enableSshSupport = true; - enableExtraSocket = true; - pinentry.package = pkgs.wayprompt; - pinentry.program = "pinentry-wayprompt"; - # pinentry.package = pkgs.pinentry.gtk2; - defaultCacheTtl = 600; - maxCacheTtl = 7200; - extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry - ''; - sshKeys = [ - "4BE7925262289B476DBBC17B76FD3810215AE097" - ]; - }; + { self, lib, config, pkgs, ... }: + let + inherit (config.swarselsystems) mainUser homeDir; + in + { + options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings"; + config = lib.mkIf config.swarselmodules.gpgagent { + services.gpg-agent = { + enable = true; + verbose = true; + enableZshIntegration = true; + enableScDaemon = true; + enableSshSupport = true; + enableExtraSocket = true; + pinentry.package = pkgs.wayprompt; + pinentry.program = "pinentry-wayprompt"; + # pinentry.package = pkgs.pinentry.gtk2; + defaultCacheTtl = 600; + maxCacheTtl = 7200; + extraConfig = '' + allow-loopback-pinentry + allow-emacs-pinentry + ''; + sshKeys = [ + "4BE7925262289B476DBBC17B76FD3810215AE097" + ]; + }; - programs.gpg = { - enable = true; - publicKeys = [ - { - source = "${self}/secrets/public/gpg/gpg-public-key-0x76FD3810215AE097.asc"; - trust = 5; - } - ]; - }; - - systemd.user.tmpfiles.rules = [ - "d ${homeDir}/.gnupg 0700 ${mainUser} users - -" - ]; - - # assure correct permissions - # systemd.user.tmpfiles.settings."30-gpgagent".rules = { - # "${homeDir}/.gnupg" = { - # d = { - # group = "users"; - # user = mainUser; - # mode = 
"0700"; - # }; - # }; - # }; + programs.gpg = { + enable = true; + scdaemonSettings = { + disable-ccid = true; # prevent conflicts between pcscd and scdameon }; + publicKeys = [ + { + source = "${self}/secrets/public/gpg/gpg-public-key-0x76FD3810215AE097.asc"; + trust = 5; + } + ]; + }; - } + systemd.user.tmpfiles.rules = [ + "d ${homeDir}/.gnupg 0700 ${mainUser} users - -" + ]; + + # assure correct permissions + # systemd.user.tmpfiles.settings."30-gpgagent".rules = { + # "${homeDir}/.gnupg" = { + # d = { + # group = "users"; + # user = mainUser; + # mode = "0700"; + # }; + # }; + # }; + }; + + } #+end_src **** gammastep diff --git a/modules/home/common/gpg-agent.nix b/modules/home/common/gpg-agent.nix index 7a052bf..4229e8b 100644 --- a/modules/home/common/gpg-agent.nix +++ b/modules/home/common/gpg-agent.nix @@ -28,6 +28,9 @@ in programs.gpg = { enable = true; + scdaemonSettings = { + disable-ccid = true; # prevent conflicts between pcscd and scdameon + }; publicKeys = [ { source = "${self}/secrets/public/gpg/gpg-public-key-0x76FD3810215AE097.asc"; diff --git a/modules/nixos/client/hardwarecompatibility-yubikey.nix b/modules/nixos/client/hardwarecompatibility-yubikey.nix index 75f55bc..58b0078 100644 --- a/modules/nixos/client/hardwarecompatibility-yubikey.nix +++ b/modules/nixos/client/hardwarecompatibility-yubikey.nix @@ -8,7 +8,7 @@ in config = lib.mkIf config.swarselmodules.yubikey { programs.ssh.startAgent = false; - services.pcscd.enable = false; + services.pcscd.enable = true; hardware.gpgSmartcards.enable = true;
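Review bot: The comment on the new `disable-ccid = true;` line misspells the daemon name (`scdameon`) and does not say which side gives way. I would write `disable-ccid = true; # scdaemon: skip the built-in CCID driver and reach the token through pcscd`. The identical line is added in the `modules/home/common/gpg-agent.nix` hunk, so fix it in the org source and re-tangle. Once scdaemon goes through pcscd it opens the card exclusively by default, so other PC/SC clients may be locked out while it holds the token. If shared access is needed, `pcsc-shared` is the scdaemon option to evaluate, keeping in mind the caching caveats in its documentation.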