feat: add support for canokeys

2026-06-22 21:29:29 +02:00 · 2026-06-14 11:38:56 +08:00
parent eaacb0f9e7
commit d837f961f2
6 changed files with 48 additions and 0 deletions
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  home.packages = with pkgs; [
+    pcsc-tools
+  ];
+}
@@ -70,6 +70,8 @@ in
    nushell # my custom shell
    gnugrep # replacee macos's grep
    gnutar # replacee macos's tar
+    pcsclite
+    pcsc-tools
  ];
  environment.variables = {
    # Fix https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues
@@ -39,6 +39,7 @@
      "wireshark"
      "adbusers" # android debugging
      "libvirtd" # virt-viewer / qemu
+      "plugdev" # canokey / openocd udev
      "fileshare"
    ];
  };
@@ -0,0 +1,37 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.modules.desktop.canokey;
+in
+{
+  options.modules.desktop.canokey = {
+    enable = lib.mkEnableOption "CanoKey hardware security key support";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.pcscd.enable = true;
+
+    services.udev.extraRules = ''
+      # CanoKey - GnuPG/pcsclite
+      SUBSYSTEM!="usb", GOTO="canokey_rules_end"
+      ACTION!="add|change", GOTO="canokey_rules_end"
+      ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42d4", ENV{ID_SMARTCARD_READER}="1"
+      LABEL="canokey_rules_end"
+
+      # CanoKey - FIDO2
+      KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42d4", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+      # CanoKey - WebUSB
+      SUBSYSTEMS=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="42d4", MODE:="0666"
+    '';
+
+    environment.systemPackages = with pkgs; [
+      ccid
+      pcsc-tools
+    ];
+  };
+}
@@ -34,6 +34,7 @@ let
          modules.secrets.preservation.enable = true;
          # not supported yet
          modules.desktop.gaming.enable = false;
+          modules.desktop.canokey.enable = true;
        }
      ];
    home-modules = map mylib.relativeToRoot [
@@ -34,6 +34,7 @@ let
          modules.secrets.desktop.enable = true;
          modules.secrets.preservation.enable = true;
          modules.desktop.gaming.enable = true;
+          modules.desktop.canokey.enable = true;
        }
      ];
    home-modules = map mylib.relativeToRoot [