From d837f961f22ccc4d0d073c0e5fb084e0db342a48 Mon Sep 17 00:00:00 2001
From: Ryan Yin
Date: Sun, 14 Jun 2026 11:38:56 +0800
Subject: [PATCH] feat: add support for canokeys
---
 home/base/tui/canokey.nix | 6 +++
 modules/darwin/apps.nix | 2 +
 modules/nixos/base/user-group.nix | 1 +
 modules/nixos/desktop/canokey.nix | 37 +++++++++++++++++++
 .../aarch64-linux/src/12kingdoms-shoukei.nix | 1 +
 outputs/x86_64-linux/src/idols-ai.nix | 1 +
 6 files changed, 48 insertions(+)
 create mode 100644 home/base/tui/canokey.nix
 create mode 100644 modules/nixos/desktop/canokey.nix
diff --git a/home/base/tui/canokey.nix b/home/base/tui/canokey.nix
new file mode 100644
index 00000000..ca7feff5
--- /dev/null
+++ b/home/base/tui/canokey.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ pcsc-tools
+ ];
+}
diff --git a/modules/darwin/apps.nix b/modules/darwin/apps.nix
index 61bc6f4c..6497d9d1 100644
--- a/modules/darwin/apps.nix
+++ b/modules/darwin/apps.nix
@@ -70,6 +70,8 @@ in
 nushell # my custom shell
 gnugrep # replacee macos's grep
 gnutar # replacee macos's tar
+ pcsclite
+ pcsc-tools
 ];
 environment.variables = {
 # Fix https://github.com/LnL7/nix-darwin/wiki/Terminfo-issues
diff --git a/modules/nixos/base/user-group.nix b/modules/nixos/base/user-group.nix
index 23cc2efa..057655f1 100644
--- a/modules/nixos/base/user-group.nix
+++ b/modules/nixos/base/user-group.nix
@@ -39,6 +39,7 @@
 "wireshark"
 "adbusers" # android debugging
 "libvirtd" # virt-viewer / qemu
+ "plugdev" # canokey / openocd udev
 "fileshare"
 ];
 };
diff --git a/modules/nixos/desktop/canokey.nix b/modules/nixos/desktop/canokey.nix
new file mode 100644
index 00000000..aac7d53c
--- /dev/null
+++ b/modules/nixos/desktop/canokey.nix
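Review bot: The `"plugdev"` entry added to the user's groups in modules/nixos/base/user-group.nix only grants access if a `plugdev` group actually exists, and no declaration of it is visible anywhere in this patch. The new hidraw rule in modules/nixos/desktop/canokey.nix relies on the same group through `GROUP="plugdev"`, so if the group is not declared in the unchanged part of this file, udev cannot resolve the name and the key stays inaccessible to the user. Declaring `users.groups.plugdev = { };` inside the canokey module's `config` block would keep that module self-contained. The enclosing attribute set starts and ends outside the hunk, so an existing declaration cannot be ruled out.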
@@ -0,0 +1,37 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.modules.desktop.canokey;
+in
+{
+ options.modules.desktop.canokey = {
+ enable = lib.mkEnableOption "CanoKey hardware security key support";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.pcscd.enable = true;
+
+ services.udev.extraRules = ''
+ # CanoKey - GnuPG/pcsclite
+ SUBSYSTEM!="usb", GOTO="canokey_rules_end"
+ ACTION!="add|change", GOTO="canokey_rules_end"
+ ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42d4", ENV{ID_SMARTCARD_READER}="1"
+ LABEL="canokey_rules_end"
+
+ # CanoKey - FIDO2
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="42d4", TAG+="uaccess", GROUP="plugdev", MODE="0660"
+
+ # CanoKey - WebUSB
+ SUBSYSTEMS=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="42d4", MODE:="0666"
+ '';
+
+ environment.systemPackages = with pkgs; [
+ ccid
+ pcsc-tools
+ ];
+ };
+}
diff --git a/outputs/aarch64-linux/src/12kingdoms-shoukei.nix b/outputs/aarch64-linux/src/12kingdoms-shoukei.nix
index e70c14e7..df788a9e 100644
--- a/outputs/aarch64-linux/src/12kingdoms-shoukei.nix
+++ b/outputs/aarch64-linux/src/12kingdoms-shoukei.nix
@@ -34,6 +34,7 @@ let
 modules.secrets.preservation.enable = true;
 # not supported yet
 modules.desktop.gaming.enable = false;
+ modules.desktop.canokey.enable = true;
 }
 ];
 home-modules = map mylib.relativeToRoot [
diff --git a/outputs/x86_64-linux/src/idols-ai.nix b/outputs/x86_64-linux/src/idols-ai.nix
index 350cb4cc..40d4d21b 100644
--- a/outputs/x86_64-linux/src/idols-ai.nix
+++ b/outputs/x86_64-linux/src/idols-ai.nix
@@ -34,6 +34,7 @@ let
 modules.secrets.desktop.enable = true;
 modules.secrets.preservation.enable = true;
 modules.desktop.gaming.enable = true;
+ modules.desktop.canokey.enable = true;
 }
 ];
 home-modules = map mylib.relativeToRoot [
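Review bot: The WebUSB rule in modules/nixos/desktop/canokey.nix ends with `MODE:="0666"`, which makes the key's raw USB device node readable and writable by every local account and service, and the `:=` form stops any later rule from tightening it. That undoes the restriction the hidraw rule just above applies with `GROUP="plugdev", MODE="0660"`, since the same token is reachable through the USB node. Scoping it the same way, `SUBSYSTEMS=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="42d4", GROUP="plugdev", MODE="0660"`, should keep browser WebUSB working for members of the group. Separately, `services.udev.extraRules` is, as far as I know, written to a late-sorted rules file, so `TAG+="uaccess"` on the hidraw rule may be set after systemd's uaccess rule has already run and then has no effect; worth confirming with `udevadm info` on the device, or shipping the rules through `services.udev.packages` under an earlier file name.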