feat(yubikey): add GPG agent, pcscd, and YubiKey support
Enable gpg-agent with SSH support and pinentry-gnome3, add yubikey-manager and pcscd service, configure GPG with hardened preferences and scdaemon, disable gnome-keyring SSH agent, and prepare git signing configuration.
+8
-4
@@ -104,15 +104,17 @@
|
|||||||
code-cursor
|
code-cursor
|
||||||
adwaita-icon-theme
|
adwaita-icon-theme
|
||||||
pkgs-unstable.claude-code # Use unstable for latest version
|
pkgs-unstable.claude-code # Use unstable for latest version
|
||||||
|
yubikey-manager
|
||||||
];
|
];
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
# started in user sessions.
|
# started in user sessions.
|
||||||
# programs.mtr.enable = true;
|
# programs.mtr.enable = true;
|
||||||
# programs.gnupg.agent = {
|
programs.gnupg.agent = {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# enableSSHSupport = true;
|
enableSSHSupport = true;
|
||||||
# };
|
pinentryPackage = pkgs.pinentry-gnome3;
|
||||||
|
};
|
||||||
|
|
||||||
# List services that you want to enable:
|
# List services that you want to enable:
|
||||||
|
|
||||||
@@ -216,6 +218,8 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.pcscd.enable = true;
|
||||||
|
|
||||||
security.pam.services = {
|
security.pam.services = {
|
||||||
login.u2fAuth = true;
|
login.u2fAuth = true;
|
||||||
sudo.u2fAuth = true;
|
sudo.u2fAuth = true;
|
||||||
|
|||||||
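Review bot: `enableSSHSupport = true` makes gpg-agent the SSH agent by pointing SSH_AUTH_SOCK at its socket, but a GNOME session normally still launches the keyring/gcr SSH agent, and the only countermeasure in this commit is a home-manager dconf key in the other file; confirm that `services.gnome.gnome-keyring` (or the `gcr-ssh-agent` user socket on newer GNOME) is not also providing an agent, otherwise which one answers depends on session startup order. `pinentryPackage` is the option name in NixOS 24.05 and 24.11; if this flake tracks a newer nixpkgs, check that the option has not been renamed (recent releases appear to have moved it under `programs.gnupg.agent.pinentry.package`), which evaluation will flag. `services.pcscd.enable = true` in the second hunk would benefit from a one-line why-comment, e.g. `# PC/SC daemon: scdaemon (disable-ccid) and yubikey-manager reach the YubiKey through it`. The package list in the first hunk belongs to an attribute set that starts outside the hunk.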
@@ -22,6 +22,8 @@
|
|||||||
minicom
|
minicom
|
||||||
kicad
|
kicad
|
||||||
ghostty
|
ghostty
|
||||||
|
gnupg
|
||||||
|
pinentry-gnome3
|
||||||
gnomeExtensions.blur-my-shell
|
gnomeExtensions.blur-my-shell
|
||||||
gnomeExtensions.just-perfection
|
gnomeExtensions.just-perfection
|
||||||
gnomeExtensions.arc-menu
|
gnomeExtensions.arc-menu
|
||||||
@@ -114,11 +116,34 @@
|
|||||||
exec = "ghostty";
|
exec = "ghostty";
|
||||||
exec-arg = "";
|
exec-arg = "";
|
||||||
};
|
};
|
||||||
|
"org/gnome/crypto/cache" = {
|
||||||
|
enable-ssh-agent = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# GPG configuration
|
||||||
|
programs.gpg = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
keyserver = "hkps://keys.openpgp.org";
|
||||||
|
keyid-format = "0xlong";
|
||||||
|
with-fingerprint = true;
|
||||||
|
personal-cipher-preferences = "AES256 AES192 AES";
|
||||||
|
personal-digest-preferences = "SHA512 SHA384 SHA256";
|
||||||
|
personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
|
||||||
|
};
|
||||||
|
scdaemonSettings = {
|
||||||
|
disable-ccid = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Manage your git configuration declaratively
|
# Manage your git configuration declaratively
|
||||||
programs.git = {
|
programs.git = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
signing = {
|
||||||
|
key = null; # Will be set after GPG key generation
|
||||||
|
signByDefault = true;
|
||||||
|
};
|
||||||
settings = {
|
settings = {
|
||||||
user = {
|
user = {
|
||||||
name = "0xWheatyz";
|
name = "0xWheatyz";
|
||||||
|
|||||||
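Review bot: `key = null` together with `signByDefault = true` turns on `commit.gpgsign` without a `user.signingkey`, so git picks the signing key by committer identity; until the key is filled in, any secret key in the keyring whose UID matches the email is used, which may not be the YubiKey-backed one, and commits fail outright if none matches. When it is set, use the full fingerprint rather than a long key id, since long ids can be made to collide while the fingerprint is what `with-fingerprint` already makes visible. I cannot confirm from here that gnome-keyring's schema ships an `enable-ssh-agent` key under `org/gnome/crypto/cache`; check with `gsettings list-keys org.gnome.crypto.cache`, because if the key is not real the keyring SSH agent stays active and competes with gpg-agent for SSH_AUTH_SOCK. `disable-ccid = true` deserves a why-comment tying it to the pcscd service enabled in the other file, e.g. `# use PC/SC via pcscd instead of scdaemon's built-in CCID driver`. The `programs.git` block continues past the end of the hunk.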