Fixed broken commit signing

Signed-off-by: Alejandro Angulo <iam@alejandr0angul0.dev>

modules/apps/yubikey/default.nix

@@ -0,0 +1,35 @@
+{
+  options,
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.aa.apps.yubikey;
+in {
+  options.aa.apps.yubikey = with types; {
+    enable = mkEnableOption "yubikey";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      yubikey-manager
+      yubikey-agent
+      yubico-pam
+    ];
+
+    services.pcscd.enable = true;
+
+    security.pam.yubico = {
+      enable = true;
+      #debug = true;
+      mode = "challenge-response";
+      # Uncomment below for 2FA
+      #control = "required";
+    };
+    # To set up, need to run (might need to run first command as root)
+    # ykman otp chalresp --touch --generate 2
+    # ykpamcfg -2 -v
+  };
+}

modules/tools/git/default.nix

@@ -53,7 +53,7 @@ in {
 
         signing = {
           key = cfg.signingKey;
-          signByDefault = mkIf gpg.enable true;
+          signByDefault = mkIf config.aa.tools.gpg.enable true;
         };
 
         ignores = [

systems/x86_64-linux/gospel/default.nix

@@ -19,11 +19,13 @@
     suites.gaming.enable = true;
 
     tools.git.enable = true;
+    tools.gpg.enable = true;
     tools.zsh.enable = true;
     tools.exa.enable = true;
 
     apps.neovim.enable = true;
     apps.tmux.enable = true;
+    apps.yubikey.enable = true;
 
     services.openssh.enable = true;
     services.nix-serve = {