From 9c68a345f27ff3e5538c2809acd9bb42cfc2f45f Mon Sep 17 00:00:00 2001 From: Daniel Langbein Date: Fri, 20 Oct 2023 14:56:07 +0200 Subject: [PATCH] fix: ssh smartcard gpg-agent --- modules/nitrokey-gpg-smartcard.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/modules/nitrokey-gpg-smartcard.nix b/modules/nitrokey-gpg-smartcard.nix index 91ce040..1b057ff 100644 --- a/modules/nitrokey-gpg-smartcard.nix +++ b/modules/nitrokey-gpg-smartcard.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { # Use NitroKey USB smartcard with SSH. # https://nixos.wiki/wiki/Nitrokey @@ -101,8 +101,9 @@ # https://wiki.archlinux.org/title/GnuPG#GNOME_on_Wayland_overrides_SSH_agent_socket # # Solution 1: https://github.com/NixOS/nixpkgs/issues/42291#issuecomment-399630199 + # Works for me. # Solution 2: https://github.com/NixOS/nixpkgs/issues/42291#issuecomment-687979733 - services.gnome.gnome-keyring.enable = pkgs.lib.mkForce false; + # Works for me, but on each login, nextcloud-desktop asks for credentials ... # Adds the pinentry binary to the PATH so that e.g. # echo GETPIN | pinentry @@ -143,6 +144,16 @@ home-manager.users.yoda = { osConfig, config, pkgs, ... }: { + # Disable GNOME Keyring. See comment above. + # + # Prevent clobbering SSH_AUTH_SOCK + home.sessionVariables.GSM_SKIP_SSH_AGENT_WORKAROUND = "1"; + # Disable gnome-keyring ssh-agent + xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = '' + ${lib.fileContents "${pkgs.gnome3.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop"} + Hidden=true + ''; + # GnuPG configuration. programs.gpg = { enable = true;
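Review bot: The added comment `# Disable GNOME Keyring. See comment above.` in the `@@ -143,6 +144,16 @@` hunk overstates what the block does: the two settings only set `GSM_SKIP_SSH_AGENT_WORKAROUND` and hide the `gnome-keyring-ssh.desktop` autostart entry, while the `@@ -101,8 +101,9 @@` hunk removes `services.gnome.gnome-keyring.enable = pkgs.lib.mkForce false;`, so the keyring daemon itself is no longer forced off. I would reword it to `# Disable only the gnome-keyring SSH agent component; the keyring daemon itself stays enabled.` so a later reader does not assume the keyring is gone. Since the fix depends on that one autostart file being the only thing that starts a competing agent, a short comment next to it should say how to verify the result after login: `SSH_AUTH_SOCK` should equal the output of `gpgconf --list-dirs agent-ssh-socket`, otherwise SSH is presumably talking to a different agent than the one backed by the smartcard. `pkgs.gnome3` is a deprecated alias for `pkgs.gnome` in nixpkgs, so `pkgs.gnome.gnome-keyring` is the more durable spelling on that line. The `home-manager.users.yoda` module body continues outside the hunk.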