From ab4e3f5cd090f75043ce361bcda9cf67c2616712 Mon Sep 17 00:00:00 2001
From: Daniel Langbein
Date: Thu, 31 Aug 2023 13:22:12 +0200
Subject: [PATCH] refactor nitrokey ssh
---
 yodaTab/configuration.nix | 28 +---------------------------
 1 file changed, 1 insertion(+), 27 deletions(-)
diff --git a/yodaTab/configuration.nix b/yodaTab/configuration.nix
index edeffbb..6babef0 100644
--- a/yodaTab/configuration.nix
+++ b/yodaTab/configuration.nix
@@ -10,6 +10,7 @@
 ./hardware-configuration.nix
 ./home-manager.nix
 ./print-and-scan.nix
+ ./nitrokey-ssh-gpg.nix
 ./ssh-unlock.nix
 ];
@@ -165,33 +166,6 @@
 # started in user sessions.
 # programs.mtr.enable = true;
- # Enable SSH server.
- services.openssh = {
- enable = true;
- # Forbid root login through SSH.
- settings.PermitRootLogin = "no";
- # Use authorized keys only.
- settings.PasswordAuthentication = false;
- };
-
- # Use NitroKey USB smartcard with SSH.
- # https://nixos.wiki/wiki/Nitrokey
- #
- # Restart gpg-agent after config change.
- # Otherwise there might be a gpg error about "no pinentry".
- # https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/19
- #
- # Import public key of Nitrokey with GNOME "Passwords and Keys" and set trust to "Ultimate".
- #
- services.udev.packages = [ pkgs.nitrokey-udev-rules ];
- programs = {
- ssh.startAgent = false;
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- };
-
 nix.settings.auto-optimise-store = true;
 # Firewall
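Review bot: The added import `./nitrokey-ssh-gpg.nix` in the `imports` list points at a file this patch does not contain (the diffstat lists only `yodaTab/configuration.nix`), while the second hunk removes this host's sshd hardening. Before merging, confirm the module is tracked and carries over `settings.PermitRootLogin = "no";` and `settings.PasswordAuthentication = false;`, because if `services.openssh` is enabled anywhere else, those options would fall back to the module defaults. The file name suggests client-side Nitrokey and gpg-agent setup, so if it also holds the server settings, a comment beside the import such as `# also enables and hardens services.openssh` would keep that visible from this file.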