nixos/yubikey-agent: start enabled agent on boot

This adds a `wantedBy` clause to the user systemd service for yubikey-agent, to ensure an enabled agent is started on boot. This brings the behavior inline with existing documentation. If the user has selected a graphical pinentry program, then we need to wait for the graphical environment to exist before starting the yubikey-agent. I've found that if we start the agent earlier it will fail when we perform an ssh command later.
author: Jasper Woudenberg <mail@jasperwoudenberg.com> 2021-10-29 23:00:57 +0200
committer: Jasper Woudenberg <mail@jasperwoudenberg.com> 2021-10-29 23:13:46 +0200
commit: 4ceb33b982d71ca1cc593482efc04b64fa44353c (patch)
tree: 32f91bc5070d0377e98a71b74142c547db81152e /nixos/modules/services/security/yubikey-agent.nix
parent: e6b6a3b3c4cefafb73f477ce22e0dba1bebb3e88 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/nixos/modules/services/security/yubikey-agent.nix b/nixos/modules/services/security/yubikey-agent.nix
index 8a2f98d0412d1..d85b6aae1a99f 100644
--- a/nixos/modules/services/security/yubikey-agent.nix
+++ b/nixos/modules/services/security/yubikey-agent.nix
@@ -49,6 +49,12 @@ in
     # yubikey-agent package
     systemd.user.services.yubikey-agent = mkIf (pinentryFlavor != null) {
       path = [ pkgs.pinentry.${pinentryFlavor} ];
+      wantedBy = [
+        (if pinentryFlavor == "tty" || pinentryFlavor == "curses" then
+          "default.target"
+        else
+          "graphical-session.target")
+      ];
     };
 
     environment.extraInit = ''
author	Jasper Woudenberg <mail@jasperwoudenberg.com>	2021-10-29 23:00:57 +0200
committer	Jasper Woudenberg <mail@jasperwoudenberg.com>	2021-10-29 23:13:46 +0200
commit	4ceb33b982d71ca1cc593482efc04b64fa44353c (patch)
tree	32f91bc5070d0377e98a71b74142c547db81152e /nixos/modules/services/security/yubikey-agent.nix
parent	e6b6a3b3c4cefafb73f477ce22e0dba1bebb3e88 (diff)