ajout config yubike

services/default.nix

@@ -13,6 +13,7 @@ in
     ./haveged.nix
     ./monitoring-munin.nix
     ./ssh.nix
+    ./yubikey.nix
 
     # commandées par config-generator
     ## option de configuration spécifique

services/yubikey.nix

@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkMerge mkThenElse;
+  annuaire = config.r6d.machines;
+  currentMachine = annuaire."${config.networking.hostName}";
+  flags = currentMachine.configuration-flags;
+in
+
+mkIf true {
+
+  # Services
+  # https://github.com/NixOS/nixpkgs/issues/15960
+
+  services = {
+    pcscd.enable = true;
+
+    udev.packages = with pkgs; [
+      libu2f-host
+      yubikey-personalization
+    ];
+
+    xserver.displayManager.sessionCommands = ''
+      # https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c
+      gpg-connect-agent /bye
+      GPG_TTY=$(tty)
+      export GPG_TTY
+    '';
+  };
+  users.extraGroups.yubikey = {};
+
+  environment.systemPackages = with pkgs; [
+    gnupg opensc pcsctools libu2f-host yubikey-personalization
+  ];
+
+  security.pam.enableU2F = true;
+
+  /*users.extraUsers.joko = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "input" "audio" "video" ];
+  };*/
+}