Commit 96924fac3bc6

Vincent Demeester <vincent@sbr.pm>
2025-01-09 11:03:48
Enable yubikey-agent and disable ssh with gpg-agent
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
main
1 parent 0844edf
Changed files (2)
systems
modules
hardware
yubikey.nix
users
vincent
core
gpg.nix
systems/modules/hardware/yubikey.nix
@@ -7,6 +7,11 @@ in
   options = {
     modules.hardware.yubikey = {
       enable = mkEnableOption "Enable yubikey profile";
+      agent = mkOption {
+        default = true;
+        description = "wether to enable yubikey-agent";
+        type = types.bool;
+      };
       u2f = mkOption {
         default = true;
         description = "wether to enable auth with yubkeys throguh pam using u2f";
@@ -45,5 +50,8 @@ in
         enable = true;
       };
     })
+    (mkIf cfg.agent {
+      services.yubikey-agent.enable = true;
+    };)
   ]);
 }
users/vincent/core/gpg.nix
@@ -16,9 +16,9 @@ in
   services = {
     gpg-agent = {
       enable = true;
-      enableSshSupport = true;
+      # enableSshSupport = true;
       enableExtraSocket = true;
-      defaultCacheTtlSsh = 7200;
+      # defaultCacheTtlSsh = 7200;
     } // (if stable then {
       pinentryFlavor = if (nixosConfig.modules.desktop.enable) then "gnome3" else "tty";
     } else {