services/yubikey.nix

{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf mkMerge mkThenElse;
  annuaire = config.r6d.machines;
  currentMachine = annuaire."${config.networking.fqdn}";
  flags = currentMachine.configurationFlags;
in

mkIf true {

  # Services
  # https://github.com/NixOS/nixpkgs/issues/15960

  services = {
    pcscd.enable = true;

    udev.packages = with pkgs; [
      libu2f-host
      yubikey-personalization
    ];

    xserver.displayManager.sessionCommands = ''
      # https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c
      gpg-connect-agent /bye
      GPG_TTY=$(tty)
      export GPG_TTY
    '';
  };
  users.extraGroups.yubikey = {};

  environment.systemPackages = with pkgs; [
    gnupg opensc pcsctools libu2f-host yubikey-personalization
  ];

  security.pam.u2f.enable = true;

  /*users.extraUsers.joko = {
    isNormalUser = true;
    extraGroups = [ "wheel" "input" "audio" "video" ];
  };*/
}
ajout config yubike 2017-05-15 22:53:29 +02:00			`{ config, lib, pkgs, ... }:`

			`let`
			`inherit (lib) mkIf mkMerge mkThenElse;`
			`annuaire = config.r6d.machines;`
utilisation de networking.fqdn (hostName + domain) Les nouvelles règles dans NixOS obligent à avoir dans networking.hostName un label DNS strict, il faut donc préciser le domaine à part dans networking.domain. networking.fqdn est une facilité pour concaténer les deux, en lecture seule. 2021-05-06 23:50:07 +02:00			`currentMachine = annuaire."${config.networking.fqdn}";`
regroupement des options éparses en configurationOptions et renommage 2017-05-31 00:23:10 +02:00			`flags = currentMachine.configurationFlags;`
ajout config yubike 2017-05-15 22:53:29 +02:00			`in`

			`mkIf true {`

			`# Services`
			`# https://github.com/NixOS/nixpkgs/issues/15960`

			`services = {`
			`pcscd.enable = true;`

			`udev.packages = with pkgs; [`
			`libu2f-host`
			`yubikey-personalization`
			`];`

			`xserver.displayManager.sessionCommands = ''`
			`# https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c`
			`gpg-connect-agent /bye`
			`GPG_TTY=$(tty)`
			`export GPG_TTY`
			`'';`
			`};`
			`users.extraGroups.yubikey = {};`

			`environment.systemPackages = with pkgs; [`
			`gnupg opensc pcsctools libu2f-host yubikey-personalization`
			`];`

/!\ migration à nixos 19.03 (18.03 plus mis à jour) 2019-05-09 12:30:21 +02:00			`security.pam.u2f.enable = true;`
ajout config yubike 2017-05-15 22:53:29 +02:00
			`/*users.extraUsers.joko = {`
			`isNormalUser = true;`
			`extraGroups = [ "wheel" "input" "audio" "video" ];`
			`};*/`
			`}`