From aa6ae3cc8db1a72e95dcbfaf84d2c31b7ecbe8aa Mon Sep 17 00:00:00 2001
From: Jean-Pierre PRUNARET
Date: Mon, 15 May 2017 22:53:29 +0200
Subject: [PATCH] ajout config yubike
---
 services/default.nix | 1 +
 services/yubikey.nix | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 services/yubikey.nix
diff --git a/services/default.nix b/services/default.nix
index 352a9e8..1caa947 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -13,6 +13,7 @@ in
 ./haveged.nix
 ./monitoring-munin.nix
 ./ssh.nix
+ ./yubikey.nix
 # commandées par config-generator ## option de configuration spécifique
diff --git a/services/yubikey.nix b/services/yubikey.nix
new file mode 100644
index 0000000..916893f
--- /dev/null
+++ b/services/yubikey.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf mkMerge mkThenElse;
+ annuaire = config.r6d.machines;
+ currentMachine = annuaire."${config.networking.hostName}";
+ flags = currentMachine.configuration-flags;
+in
+
+mkIf true {
+
+ # Services
+ # https://github.com/NixOS/nixpkgs/issues/15960
+
+ services = {
+ pcscd.enable = true;
+
+ udev.packages = with pkgs; [
+ libu2f-host
+ yubikey-personalization
+ ];
+
+ xserver.displayManager.sessionCommands = ''
+ # https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c
+ gpg-connect-agent /bye
+ GPG_TTY=$(tty)
+ export GPG_TTY
+ '';
+ };
+ users.extraGroups.yubikey = {};
+
+ environment.systemPackages = with pkgs; [
+ gnupg opensc pcsctools libu2f-host yubikey-personalization
+ ];
+
+ security.pam.enableU2F = true;
+
+ /*users.extraUsers.joko = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "input" "audio" "video" ];
+ };*/
+}
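Review bot: `security.pam.enableU2F = true` in services/yubikey.nix is applied unconditionally, because the module body is wrapped in `mkIf true` and the `flags` binding from the `let` block is never read; every host that imports services/default.nix therefore gets pcscd, the udev packages and U2F in its PAM stack. As far as I know NixOS wires pam_u2f with the `sufficient` control for this option, so for any account with a registered key the token would stand in for the password rather than act as a second factor; that should be confirmed against the generated /etc/pam.d files before rollout. I would gate the module on a per-machine flag, e.g. `mkIf flags.YUBIKEY_FLAG_PLACEHOLDER {` (the flag name is a placeholder, not an existing option), and either drop or document the unused `mkMerge`/`mkThenElse` inherits, the unreferenced `users.extraGroups.yubikey` and the commented-out `users.extraUsers.joko` block.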