From 2edf38876ddbb4c8bfc16ee31208d8169e5090ec Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq <sb@m-labs.hk>
Date: Thu, 4 Jun 2020 19:34:55 +0800
Subject: [PATCH] nixops: enable SSH agent with opensc on desktop machines

---
 nixops/desktop.nix | 3 +++
 nixops/light.nix   | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/nixops/desktop.nix b/nixops/desktop.nix
index e0ad6b8..d8aeb48 100644
--- a/nixops/desktop.nix
+++ b/nixops/desktop.nix
@@ -49,6 +49,9 @@ in
     ''
     PKCS11Provider "${pkgs.opensc}/lib/opensc-pkcs11.so"
     '';
+  programs.ssh.startAgent = true;
+  services.gnome3.gnome-keyring.enable = pkgs.lib.mkForce false;
+  programs.ssh.agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
 
   # Enable CUPS to print documents.
   services.printing = {
diff --git a/nixops/light.nix b/nixops/light.nix
index 34ed592..266f2bd 100644
--- a/nixops/light.nix
+++ b/nixops/light.nix
@@ -38,6 +38,8 @@
     ''
     PKCS11Provider "${pkgs.opensc}/lib/opensc-pkcs11.so"
     '';
+  programs.ssh.startAgent = true;
+  programs.ssh.agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so";
 
   # Enable CUPS to print documents.
   services.printing = {