From 4ceb33b982d71ca1cc593482efc04b64fa44353c Mon Sep 17 00:00:00 2001
From: Jasper Woudenberg <mail@jasperwoudenberg.com>
Date: Fri, 29 Oct 2021 23:00:57 +0200
Subject: nixos/yubikey-agent: start enabled agent on boot

This adds a `wantedBy` clause to the user systemd service for
yubikey-agent, to ensure an enabled agent is started on boot. This
brings the behavior inline with existing documentation.

If the user has selected a graphical pinentry program, then we need to
wait for the graphical environment to exist before starting the
yubikey-agent. I've found that if we start the agent earlier it will
fail when we perform an ssh command later.
---
 nixos/modules/services/security/yubikey-agent.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nixos/modules/services/security/yubikey-agent.nix b/nixos/modules/services/security/yubikey-agent.nix
index 8a2f98d0412..d85b6aae1a9 100644
--- a/nixos/modules/services/security/yubikey-agent.nix
+++ b/nixos/modules/services/security/yubikey-agent.nix
@@ -49,6 +49,12 @@ in
     # yubikey-agent package
     systemd.user.services.yubikey-agent = mkIf (pinentryFlavor != null) {
       path = [ pkgs.pinentry.${pinentryFlavor} ];
+      wantedBy = [
+        (if pinentryFlavor == "tty" || pinentryFlavor == "curses" then
+          "default.target"
+        else
+          "graphical-session.target")
+      ];
     };
 
     environment.extraInit = ''
-- 
cgit 1.4.1