Diffstat (limited to 'sys/hardware/athena.nix')
| -rw-r--r-- | sys/hardware/athena.nix | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/sys/hardware/athena.nix b/sys/hardware/athena.nix
new file mode 100644
index 0000000..755c184
--- /dev/null
+++ b/sys/hardware/athena.nix
@@ -0,0 +1,48 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.hardware.athena;
+
+ athena = pkgs.local.athena-bccr.${cfg.release};
+in {
+ options.local.hardware.athena = {
+ enable = mkEnableOption "Athena ASEDrive III smartcard reader";
+
+ release = mkOption {
+ type = types.str;
+ default = "latest";
+ description = "athena-bccr release tag";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment = {
+ etc = {
+ "Athena".source = "${athena.ase-pkcs11}/etc/Athena";
+
+ "pkcs11/modules/asep11".text = ''
+ module: ${athena.libasep11}
+ '';
+ };
+
+ systemPackages = [athena.ase-pkcs11];
+ };
+
+ #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
+ security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
+
+ services = {
+ pcscd.enable = true;
+
+ #TODO: Sería mejor agregar un grupo separado
+ udev.extraRules = ''
+ # Athena Smartcard Solutions, Inc. ASEDrive V3CR
+ ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="users", TAG+="uaccess"
+ '';
+ };
+ };
+}
|
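Review bot: The udev rule in `services.udev.extraRules` grants more than the reader needs: `MODE="660", GROUP="users"` gives read/write on the device node to every account in `users`, including non-local sessions, while `TAG+="uaccess"` already grants an ACL to the user on the active seat. The rule also has no `SUBSYSTEM` match, and `ATTRS{}` walks up to parent devices, so it applies to every child node under the reader as well. Consider `SUBSYSTEM=="usb", ATTR{idVendor}=="0dc3", ATTR{idProduct}=="1004", TAG+="uaccess"` and dropping the mode/group assignment; if pcscd (enabled just above) is the only consumer of the device, direct user access may not be needed at all, which is worth confirming. Separately, `security.pki.certificateFiles` adds the BCCR root to the system-wide trust store, so it becomes trusted for any TLS server name and not only for validating signatures from the card; the FIXME should state that scope, and `release` defaulting to `"latest"` means the trusted root and the PKCS#11 module presumably change without a reviewed pin.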
