add doc

modules/nitrokey-ssh-gpg.nix

@@ -12,7 +12,18 @@
 
   # Use NitroKey USB smartcard with SSH.
   # https://nixos.wiki/wiki/Nitrokey
-  #
+
+  # Test suite. TODO: Check all of this after config changes!
+  # - pinentry should be in $PATH
+  #   echo GETPIN | pinentry
+  # - smartcard should be listed
+  #   gpg --card-status
+  # - ssh should work
+  #   export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
+  #   ssh nas
+  # - signed git commits should work in IntelliJ
+  #   IntelliJ IDE -> git commit -> graphical pinentry should pop-up
+
   # Restart gpg-agent after config change.
   # Otherwise there might be a gpg error about "no pinentry".
   # https://discourse.nixos.org/t/cant-get-gnupg-to-work-no-pinentry/15373/19
@@ -65,7 +76,8 @@
   # ssh nas
   #=> Works!
 
-  # TODO: What is the difference between programs.gnupg.agent.enableSSHSupport and
+  # TODO:
+  #  What is the difference between programs.gnupg.agent.enableSSHSupport and
   #  services.gpg-agent.enableSshSupport = true;
 
   services.udev.packages = [ pkgs.nitrokey-udev-rules ];
@@ -80,13 +92,6 @@
     };
   };
 
-#  users.users.yoda = {
-#    packages = with pkgs; [
-#      #pinentry-curses
-#      pinentry-gnome
-#    ];
-#  };
-
   # Adds the pinentry binary to the PATH so that e.g.
   #   echo GETPIN | pinentry
   # works.
@@ -95,6 +100,13 @@
     pinentry-gnome
   ];
 
+  #users.users.yoda = {
+  #  packages = with pkgs; [
+  #    #pinentry-curses
+  #    pinentry-gnome
+  #  ];
+  #};
+
   # Smartcard daemon.
   services.pcscd.enable = true;