old
1{pkgs, ...}: {
2 # gpg agent with pinentry
3 programs.gnupg.agent = {
4 enable = true;
5 pinentryPackage = pkgs.pinentry-qt;
6 enableSSHSupport = false;
7 settings.default-cache-ttl = 4 * 60 * 60; # 4 hours
8 };
9
10 services.udev.packages = [pkgs.yubikey-personalization];
11 # Locking the screen when a Yubikey is unplugged
12 # https://nixos.wiki/wiki/Yubikey#Locking_the_screen_when_a_Yubikey_is_unplugged
13 services.udev.extraRules = ''
14 ACTION=="remove",\
15 ENV{ID_BUS}=="usb",\
16 ENV{ID_MODEL_ID}=="0407",\
17 ENV{ID_VENDOR_ID}=="1050",\
18 ENV{ID_VENDOR}=="Yubico",\
19 RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
20 '';
21 hardware.gpgSmartcards.enable = true;
22 services.pcscd.enable = true;
23}