Made yubikey config reusable

common/yubikey.nix

@@ -0,0 +1,24 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    yubikey-manager
+    yubikey-agent
+    yubico-pam
+  ];
+
+  services.pcscd.enable = true;
+
+  security.pam.yubico = {
+    enable = true;
+    #debug = true;
+    mode = "challenge-response";
+    # Uncomment below for 2FA
+    #control = "required";
+  };
+  # To set up, need to run (might need to run as root)
+  # ykman otp chalresp --touch --generate 2
+  # ykpamcfg -2 -v
+}

flake.nix

@@ -51,6 +51,7 @@
 
         modules = [
           ./system/carbon/configuration.nix
+          ./common/yubikey.nix
         ];
       };
 
@@ -59,6 +60,7 @@
 
         modules = [
           ./system/gospel/configuration.nix
+          ./common/yubikey.nix
         ];
       };
     };

system/carbon/configuration.nix

@@ -109,10 +109,6 @@
     wireguard-tools
 
     prusa-slicer
-
-    yubikey-manager
-    yubikey-agent
-    yubico-pam
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -165,19 +161,6 @@
     pulse.enable = true;
   };
 
-  services.pcscd.enable = true;
-
-  security.pam.yubico = {
-    enable = true;
-    #debug = true;
-    mode = "challenge-response";
-    # Uncomment below for 2FA
-    #control = "required";
-  };
-  # To set up, need to run (might need to run as root)
-  # ykman otp chalresp --touch --generate 2
-  # ykpamcfg -2 -v
-
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];

users/alejandro/gpg.nix

@@ -10,6 +10,10 @@
 
   programs.gpg = {
     enable = true;
+    scdaemonSettings = {
+      # Fix conflicts with config in common/yubikey.nix
+      disable-ccid = true;
+    };
   };
 
   services.gpg-agent = {