nixos/yubikey-agent: start enabled agent on boot

This adds a `wantedBy` clause to the user systemd service for yubikey-agent, to ensure an enabled agent is started on boot. This brings the behavior inline with existing documentation. If the user has selected a graphical pinentry program, then we need to wait for the graphical environment to exist before starting the yubikey-agent. I've found that if we start the agent earlier it will fail when we perform an ssh command later.
2021-10-29 23:00:57 +02:00 · 2021-10-29 23:00:57 +02:00 · 4ceb33b982
commit 4ceb33b982
parent e6b6a3b3c4
1 changed files with 6 additions and 0 deletions
--- a/nixos/modules/services/security/yubikey-agent.nix
+++ b/nixos/modules/services/security/yubikey-agent.nix
@ -49,6 +49,12 @@ in
    # yubikey-agent package
    systemd.user.services.yubikey-agent = mkIf (pinentryFlavor != null) {
      path = [ pkgs.pinentry.${pinentryFlavor} ];
+      wantedBy = [
+        (if pinentryFlavor == "tty" || pinentryFlavor == "curses" then
+          "default.target"
+        else
+          "graphical-session.target")
+      ];
    };

    environment.extraInit = ''