{ config, lib, pkgs, ... }: let cfg = config.sisyphus.hardware.yubikey; in { options.sisyphus.hardware.yubikey.enable = lib.mkEnableOption "YubiKey support"; config = lib.mkIf cfg.enable { programs = { gnupg.agent = { enable = true; # TODO Necessary? # enableSSHSupport = true; # pinentryFlavor = "curses"; }; # yubikey-touch-detector.enable = true; }; # Enable smart card reading services.pcscd.enable = true; environment.systemPackages = with pkgs; [ yubikey-touch-detector ]; # Send a notification if the YubiKey is waiting for touch. systemd.services.yubikey-touch-detector = { enable = true; description = "Detects when your YubiKey is waiting for a touch"; path = with pkgs; [ gnupg yubikey-touch-detector ]; wantedBy = [ "graphical-session.target" ]; script = ''exec yubikey-touch-detector --libnotify''; environment.YUBIKEY_TOUCH_DETECTOR_LIBNOTIFY = "true"; }; }; }