swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: enable yubikey hardware decryption

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-03-25 02:38:23 +01:00
parent a15bd220f4
commit e312a05de0
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
2 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
profiles/home/common/gpg-agent.nix
View file

@ -5,6 +5,8 @@ in
{ {
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableZshIntegration = true;
enableScDaemon = true;
enableSshSupport = true; enableSshSupport = true;
enableExtraSocket = true; enableExtraSocket = true;
pinentryPackage = pkgs.pinentry.gtk2; pinentryPackage = pkgs.pinentry.gtk2;

5
profiles/nixos/optional/work.nix
View file

@ -17,8 +17,11 @@ in
}; };
boot.initrd = { boot.initrd = {
systemd.enable = true; systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
luks = { luks = {
# disable "support" since we use systemd-cryptenroll
# make sure yubikeys are enrolled using
# sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2
yubikeySupport = false; yubikeySupport = false;
fido2Support = false; fido2Support = false;
}; };