fix: ssh smartcard gpg-agent

2024-11-21 22:03:19 +01:00 · 2023-10-20 14:56:07 +02:00 · 2023-10-20 14:56:07 +02:00 · 9c68a345f2
commit 9c68a345f2
parent 54307d3927
1 changed files with 13 additions and 2 deletions
--- a/modules/nitrokey-gpg-smartcard.nix
+++ b/modules/nitrokey-gpg-smartcard.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
  # Use NitroKey USB smartcard with SSH.
  # https://nixos.wiki/wiki/Nitrokey
@ -101,8 +101,9 @@
  # https://wiki.archlinux.org/title/GnuPG#GNOME_on_Wayland_overrides_SSH_agent_socket
  #
  # Solution 1: https://github.com/NixOS/nixpkgs/issues/42291#issuecomment-399630199
+  #   Works for me.
  # Solution 2: https://github.com/NixOS/nixpkgs/issues/42291#issuecomment-687979733
-  services.gnome.gnome-keyring.enable = pkgs.lib.mkForce false;
+  #   Works for me, but on each login, nextcloud-desktop asks for credentials ...

  # Adds the pinentry binary to the PATH so that e.g.
  #   echo GETPIN | pinentry
@ -143,6 +144,16 @@

  home-manager.users.yoda = { osConfig, config, pkgs, ... }: {

+    # Disable GNOME Keyring. See comment above.
+    #
+    # Prevent clobbering SSH_AUTH_SOCK
+    home.sessionVariables.GSM_SKIP_SSH_AGENT_WORKAROUND = "1";
+    # Disable gnome-keyring ssh-agent
+    xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = ''
+      ${lib.fileContents "${pkgs.gnome3.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop"}
+      Hidden=true
+    '';
+
    # GnuPG configuration.
    programs.gpg = {
      enable = true;