From c811e70254385b7e55fa9f540a0b6c58c6ccfa4c Mon Sep 17 00:00:00 2001
From: Alejandro Angulo
Date: Sat, 25 Mar 2023 11:06:16 -0700
Subject: [PATCH] Fixed broken commit signing
Signed-off-by: Alejandro Angulo
---
modules/apps/yubikey/default.nix | 35 +++++++++++++++++++++++++
modules/tools/git/default.nix | 2 +-
systems/x86_64-linux/gospel/default.nix | 2 ++
3 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 modules/apps/yubikey/default.nix
diff --git a/modules/apps/yubikey/default.nix b/modules/apps/yubikey/default.nix
new file mode 100644
index 0000000..62c0228
--- /dev/null
+++ b/modules/apps/yubikey/default.nix
@@ -0,0 +1,35 @@
+{
+ options,
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.aa.apps.yubikey;
+in {
+ options.aa.apps.yubikey = with types; {
+ enable = mkEnableOption "yubikey";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ yubikey-manager
+ yubikey-agent
+ yubico-pam
+ ];
+
+ services.pcscd.enable = true;
+
+ security.pam.yubico = {
+ enable = true;
+ #debug = true;
+ mode = "challenge-response";
+ # Uncomment below for 2FA
+ #control = "required";
+ };
+ # To set up, need to run (might need to run first command as root)
+ # ykman otp chalresp --touch --generate 2
+ # ykpamcfg -2 -v
+ };
+}
diff --git a/modules/tools/git/default.nix b/modules/tools/git/default.nix
index 76076b3..8d0e70e 100644
--- a/modules/tools/git/default.nix
+++ b/modules/tools/git/default.nix
@@ -53,7 +53,7 @@ in { signing = { key = cfg.signingKey; - signByDefault = mkIf gpg.enable true; + signByDefault = mkIf config.aa.tools.gpg.enable true; }; ignores = [
diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix
index 4e213a6..6916095 100644
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
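Review bot: In modules/apps/yubikey/default.nix the `security.pam.yubico` block leaves `control` commented out, so the PAM rule uses the option's default, which in NixOS is `sufficient` as far as I know: a successful challenge-response then authenticates without the password instead of adding a second factor. The `# Uncomment below for 2FA` comment hints at this but does not say what the active policy is, and the same commit turns the module on for gospel, which also has `services.openssh.enable = true`. I would state the policy explicitly, `control = "sufficient"; # key alone authenticates; use "required" to demand key and password`, or expose it as a module option next to `enable` so each host chooses. It is also worth confirming which PAM services pick up the rule (login, sudo, sshd), since nothing in the module restricts it.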
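Review bot: In modules/tools/git/default.nix the bare `gpg.enable` on the removed line was probably only reported at evaluation time, presumably because the file opens with `with lib;` as the new yubikey module does, and names inside a `with` scope are resolved dynamically rather than checked when the file is parsed. Spelling out `config.aa.tools.gpg.enable` is correct; a local binding in the `let` block next to `cfg`, e.g. `gpgCfg = config.aa.tools.gpg;` used as `signByDefault = mkIf gpgCfg.enable true;`, would keep cross-module references in one place. The `let` block and the declaration of `signingKey` are outside the hunk, so whether `cfg.signingKey` can be unset while signing is on by default cannot be checked from here. Because signing now depends on another module's flag, a short comment such as `# commits are unsigned when aa.tools.gpg is disabled` would make that fallback visible.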
@@ -19,11 +19,13 @@ suites.gaming.enable = true; tools.git.enable = true; + tools.gpg.enable = true; tools.zsh.enable = true; tools.exa.enable = true; apps.neovim.enable = true; apps.tmux.enable = true; + apps.yubikey.enable = true; services.openssh.enable = true; services.nix-serve = {