blob: ce63b01e2c4e1b2db7c9046f74f8f27203029092 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
{
pkgs,
lib,
cfg,
doctrine,
...
}: let
athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
inherit (athena) vendor;
in {
environment = {
etc =
{
"pkcs11/modules/${vendor}".text = ''
module: ${athena.pkcs11-module}
'';
}
// lib.optionalAttrs (vendor == "athena") {
"Athena".source = "${athena.card-driver.lib}/etc/Athena";
}
// lib.optionalAttrs (vendor == "idopte") {
"idoss.conf".source = "${athena.card-driver.lib}/etc/idoss.conf";
"idoss.lic".source = "${athena.card-driver.lib}/etc/idoss.lic";
};
systemPackages = [athena.card-driver];
};
security = {
#FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];
polkit = {
enable = lib.mkDefault true;
extraConfig = ''
polkit.addRule(function(action, subject) {
if ((action.id == "org.debian.pcsc-lite.access_pcsc" || action.id == "org.debian.pcsc-lite.access_card") &&
subject.isInGroup("users")) {
return polkit.Result.YES;
}
});
'';
};
};
services = {
pcscd.enable = true;
udev.extraRules = ''
# Athena Smartcard Solutions, Inc. ASEDrive V3CR
ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess"
'';
};
users.groups.${cfg.group} = {};
}
|
