fix Nitrokey timing conflict

modules/nitrokey-gpg-smartcard.nix

@@ -107,17 +107,41 @@
   #  ];
   #};
 
+  # https://docs.nitrokey.com/nitrokey3/windows/troubleshooting.html#gnupg-openpgp-card-not-available
+  #
+  # There are two common smartcard services on Linux systems
+  # - scdaemon (gpg) with two drivers:
+  #   - ccid: directly accesses smartcard
+  #   - pcsc: uses the pcscd daemon to access smartcard
+  # - pcscd (generic smartcard daemon)
+  #
+  # `pcscd` might lock the card before `scdaemon` tries to access it
+  # using the internal `ccid` driver
+  #
+  # Either uninstall `pcscd` **or**
+  # use the `pcscd` driver for `scdaemon`
+  # by adding `disable-ccid` to `~/.gnupg/scdaemon.conf`
+
   # Smartcard daemon.
   services.pcscd.enable = true;
 
   home-manager.users.yoda = { osConfig, config, pkgs, ... }: {
 
     # GnuPG configuration.
-    # Examples:
-    #   https://github.com/ioerror/duraconf
-    #   https://gist.github.com/graffen/37eaa2332ee7e584bfda
     programs.gpg = {
       enable = true;
+      scdaemonSettings = {
+        disable-ccid = true;
+      };
+      publicKeys = [{
+        source = "${../assets/gpg/pubkey_nitrokey.asc}";
+        # ultimate
+        trust = 5;
+      }];
+
+      # Examples:
+      #   https://github.com/ioerror/duraconf
+      #   https://gist.github.com/graffen/37eaa2332ee7e584bfda
       settings = {
         # Display long key IDs
         keyid-format = "0xlong";
@@ -129,13 +153,6 @@
         list-options = "show-uid-validity";
         verify-options = "show-uid-validity";
       };
-      publicKeys = [
-        {
-          source = "${../assets/gpg/pubkey_nitrokey.asc}";
-          # ultimate
-          trust = 5;
-        }
-      ];
     };
 
   };