According to man configuration.nix, enabling services.yubikey-agent should start yubikey-agent at login.
services.yubikey-agent.enable
Whether to start yubikey-agent when you log in. Also sets SSH_AUTH_SOCK to point
at yubikey-agent.
Note that yubikey-agent will use whatever pinentry is specified in
programs.gnupg.agent.pinentryFlavor.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/yubikey-agent.nix>
But this no longer seems to work, even after a reboot.
➤ grep yubikey-agent /etc/nixos/configuration.nix
services.yubikey-agent.enable = true; # used for SSH agent
➤ ssh-add -l
Error connecting to agent: Connection refused
➤ pgrep -f yubikey || echo "not found"
not found
What confuses me even more is that systemctl can't even find yubikey-agent.service.
➤ systemctl start yubikey-agent.service
Failed to start yubikey-agent.service: Unit yubikey-agent.service not found.
It seems to be in the right place to me.
➤ ls -l /run/current-system/sw/lib/systemd/user/yubikey-agent.service
lrwxrwxrwx 1 root root 102 Dec 31 1969 /run/current-system/sw/lib/systemd/user/yubikey-agent.service -> /nix/store/x7ln7dxjyfakn9cq8g1lwhlbmmyx0bzy-yubikey-agent-0.1.6/lib/systemd/user/yubikey-agent.service
➤ cat /run/current-system/sw/lib/systemd/user/yubikey-agent.service
[Unit]
Description=Seamless ssh-agent for YubiKeys
Documentation=https://filippo.io/yubikey-agent
[Service]
ExecStart=/nix/store/x7ln7dxjyfakn9cq8g1lwhlbmmyx0bzy-yubikey-agent-0.1.6/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock
ExecReload=/bin/kill -HUP $MAINPID
IPAddressDeny=any
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
NoNewPrivileges=yes
KeyringMode=private
UMask=0177
RuntimeDirectory=yubikey-agent
[Install]
WantedBy=default.target
This is on NixOS 22.11:
➤ sudo nix-channel --list
nixos https://nixos.org/channels/nixos-22.11