によると、アクティベーションman configuration.nixはログイン時に開始する必要がservices.yubikey-agentあります。yubikey-agent
services.yubikey-agent.enable
Whether to start yubikey-agent when you log in. Also sets SSH_AUTH_SOCK to point
at yubikey-agent.
Note that yubikey-agent will use whatever pinentry is specified in
programs.gnupg.agent.pinentryFlavor.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/yubikey-agent.nix>
しかし、再起動後もこの方法はもう機能しないようです。
➤ grep yubikey-agent /etc/nixos/configuration.nix
services.yubikey-agent.enable = true; # used for SSH agent
➤ ssh-add -l
Error connecting to agent: Connection refused
➤ pgrep -f yubikey || echo "not found"
not found
私をさらに混乱させるのは、systemctlそれを見つけることもできないということですyubikey-agent.service。
➤ systemctl start yubikey-agent.service
Failed to start yubikey-agent.service: Unit yubikey-agent.service not found.
私にぴったりの場所のようです。
➤ ls -l /run/current-system/sw/lib/systemd/user/yubikey-agent.service
lrwxrwxrwx 1 root root 102 Dec 31 1969 /run/current-system/sw/lib/systemd/user/yubikey-agent.service -> /nix/store/x7ln7dxjyfakn9cq8g1lwhlbmmyx0bzy-yubikey-agent-0.1.6/lib/systemd/user/yubikey-agent.service
➤ cat /run/current-system/sw/lib/systemd/user/yubikey-agent.service
[Unit]
Description=Seamless ssh-agent for YubiKeys
Documentation=https://filippo.io/yubikey-agent
[Service]
ExecStart=/nix/store/x7ln7dxjyfakn9cq8g1lwhlbmmyx0bzy-yubikey-agent-0.1.6/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock
ExecReload=/bin/kill -HUP $MAINPID
IPAddressDeny=any
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
NoNewPrivileges=yes
KeyringMode=private
UMask=0177
RuntimeDirectory=yubikey-agent
[Install]
WantedBy=default.target
これはNixOS 22.11にあります:
➤ sudo nix-channel --list
nixos https://nixos.org/channels/nixos-22.11