From 27829eb0fc6f3174f2670e7c4fe0cfdb8c7ee51a Mon Sep 17 00:00:00 2001
From: Jo <jo@thevoid.cafe>
Date: Mon, 23 Dec 2024 18:33:51 +0100
Subject: [PATCH] feat: update yubikey configuration

---
 modules/nixos/security/yubikey/default.nix | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/security/yubikey/default.nix b/modules/nixos/security/yubikey/default.nix
index 4ae1cf8..d4c8cd3 100644
--- a/modules/nixos/security/yubikey/default.nix
+++ b/modules/nixos/security/yubikey/default.nix
@@ -7,7 +7,7 @@
 }: with lib; with lib.${namespace};
 let
   cfg = config.${namespace}.security.yubikey;
-in 
+in
 {
   options.${namespace}.security.yubikey = with types; {
     enable = mkEnableOption "Enable the Yubikey as a security device.";
@@ -17,6 +17,7 @@ in
       example = [ "123456" "1234567" ];
       description = "Register additional Yubikey IDs.";
     };
+    enable-agent = mkEnableOption "Enable the Yubikey agent";
   };
 
   config = mkIf cfg.enable {
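Review bot: The description passed to `mkEnableOption` on the new `enable-agent` line will render with a doubled verb, because `mkEnableOption` already prefixes its argument with "Whether to enable". A noun phrase reads correctly and also says what the option turns on: `enable-agent = mkEnableOption "yubikey-agent as the SSH agent for keys held on the Yubikey";`. The existing `enable` option a few lines up has the same wording, which this commit does not touch.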
@@ -34,5 +35,16 @@ in
       login.u2fAuth = true;
       sudo.u2fAuth = true;
     };
+
+    services.yubikey-agent.enable = cfg.enable-agent;
+
+    programs.ssh.extraConfig = mkIf cfg.enable-agent ''
+        Host *
+            IdentityAgent /usr/local/var/run/yubikey-agent.sock
+    '';
+
+    environment.sessionVariables = mkIf cfg.enable-agent {
+        SSH_AUTH_SOCK = "/usr/local/var/run/yubikey-agent.sock";
+    };
   };
-}
\ No newline at end of file
+}
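Review bot: The socket path `/usr/local/var/run/yubikey-agent.sock`, hard-coded in both the `IdentityAgent` line and `SSH_AUTH_SOCK`, looks like the Homebrew/macOS location rather than where the NixOS service listens. As far as I know the `services.yubikey-agent` user unit binds under the per-user runtime directory (`$XDG_RUNTIME_DIR/yubikey-agent/yubikey-agent.sock`), so this should be confirmed against the module. Because `programs.ssh.extraConfig` with `Host *` applies to every account on the machine, all users including root would be pointed at one fixed path outside any per-user directory, and whatever listens there is treated as the signing agent. If the module already exports `SSH_AUTH_SOCK` only when it is unset (worth checking), the unconditional `environment.sessionVariables` entry would also stop that default from taking effect. I would drop both additions and rely on the module, or reference the per-user socket, e.g. `IdentityAgent ''${XDG_RUNTIME_DIR}/yubikey-agent/yubikey-agent.sock`. The enclosing `config = mkIf cfg.enable {` block starts outside this hunk.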