diff --git a/hosts/nishimiya.nix b/hosts/nishimiya.nix index 8ea7a5b..c8fde3d 100644 --- a/hosts/nishimiya.nix +++ b/hosts/nishimiya.nix @@ -56,6 +56,7 @@ direnv.enable = true; }; services = { + yubikey.enable = true; cups.enable = true; gnome.enable = false; kanshi = let @@ -120,10 +121,16 @@ enable = true; layout = "de"; libinput.enable = true; - }; + }; }; - virtualisation.docker.enable = true; + virtualisation = { + podman = { + enable = true; + dockerCompat = true; + dockerSocket.enable = true; + }; + }; environment.systemPackages = with pkgs; [ ansible @@ -135,10 +142,11 @@ mgba mupen64plus melonds desmume dolphin ]; }) - ]; programs = { - gnupg.agent.pinentryFlavor = "qt"; + gnupg.agent = { + pinentryFlavor = "qt"; + }; }; } diff --git a/modules/default.nix b/modules/default.nix index bc48634..a9a0e32 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -36,6 +36,7 @@ ./services/greetd ./services/cups ./services/logiops + ./services/yubikey # User #./users/default.nix diff --git a/modules/services/yubikey/default.nix b/modules/services/yubikey/default.nix new file mode 100644 index 0000000..b245d83 --- /dev/null +++ b/modules/services/yubikey/default.nix @@ -0,0 +1,31 @@ +{ lib, config, pkgs, ...}: + +let + cfg = config.ptw.services.yubikey; +in { + options.ptw.services.yubikey = { + enable = lib.mkEnableOption "Enable everything for using a YubiKey"; + }; + + config = lib.mkIf cfg.enable { + services = { + # Unprivileged access to the YubiKey + udev.packages = [ pkgs.yubikey-personalization ]; + + # Allow using the YubiKey as a smart card + pcscd.enable = true; + }; + + environment.systemPackages = with pkgs; [ + # Management + yubikey-manager-qt yubikey-manager yubico-piv-tool + ]; + + programs = { + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; + }; +}
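Review bot: `dockerSocket.enable = true;` in the new `virtualisation.podman` block exposes the rootful Podman API at the Docker socket path, and anyone in the `podman` group can use it to gain root, just as with the `docker` group it replaces. If the goal is only to have a `docker` command, `dockerCompat = true;` alone covers it and the socket line can be dropped. If Docker API clients really need the socket, keep it and add a comment such as `# podman group == root-equivalent; keep membership minimal`. Group membership is not visible in this hunk, so check which users are in `podman`.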
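Review bot: The `];` removed just before `programs = {` appears to be the bracket that closes the `environment.systemPackages` list, and the new side adds nothing in its place. The hunk header (10 old lines, 11 new) is consistent with exactly two removals and three additions, so it does not look like a rendering artefact. If that reading is right, `hosts/nishimiya.nix` no longer parses and the `];` line should be restored. The list opens outside this hunk, so confirm against the full file, for example by evaluating the host configuration before merging.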
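Review bot: `enableSSHSupport = true;` is set unconditionally under `lib.mkIf cfg.enable`, so every host that enables YubiKey support also has gpg-agent replace its SSH agent, with no way to opt out. The upstream gnupg module also refuses to evaluate when `programs.ssh.startAgent` is enabled alongside it. Consider `enableSSHSupport = lib.mkDefault true;` or a separate module option, so a host can use the key for PIV or GPG only. Separately, `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the description would read better as `lib.mkEnableOption "YubiKey support (udev rules, pcscd, management tools, gpg-agent)"`.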