feat(yubikey): add GPG agent, pcscd, and YubiKey support
Enable gpg-agent with SSH support and pinentry-gnome3, add yubikey-manager and pcscd service, configure GPG with hardened preferences and scdaemon, disable gnome-keyring SSH agent, and prepare git signing configuration.
This commit is contained in:
+8
-4
@@ -104,15 +104,17 @@
|
||||
code-cursor
|
||||
adwaita-icon-theme
|
||||
pkgs-unstable.claude-code # Use unstable for latest version
|
||||
yubikey-manager
|
||||
];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
# programs.gnupg.agent = {
|
||||
# enable = true;
|
||||
# enableSSHSupport = true;
|
||||
# };
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
pinentryPackage = pkgs.pinentry-gnome3;
|
||||
};
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
@@ -216,6 +218,8 @@
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.pcscd.enable = true;
|
||||
|
||||
security.pam.services = {
|
||||
login.u2fAuth = true;
|
||||
sudo.u2fAuth = true;
|
||||
|
||||
Reference in New Issue
Block a user