hosts/odyssey: add yubikey tools

flake.nix

@@ -113,10 +113,10 @@
     }:
     flake-parts.lib.mkFlake { inherit inputs; } {
       imports = [
-        inputs.agenix-rekey.flakeModule
         inputs.pre-commit-hooks.flakeModule
         inputs.nix-topology.flakeModule
         inputs.treefmt-nix.flakeModule
+        ./nix/agenix-rekey.nix
         ./nix/devshell.nix
         ./nix/hosts.nix
       ];

hosts/common.nix

@@ -6,7 +6,7 @@
 }:
 {
   imports = [
-    inputs.agenix.nixosModules.age
+    inputs.agenix.nixosModules.default
     inputs.home-manager.nixosModules.home-manager
     ../modules/nixos
     ../modules/nixos/impermanence.nix

hosts/odyssey/default.nix

@@ -50,6 +50,17 @@
     capSysAdmin = true;
   };
 
+  environment.systemPackages = with pkgs; [
+    yubikey-manager
+    age-plugin-yubikey
+  ];
+
+  services.udev.packages = with pkgs; [
+    libfido2
+  ];
+
+  services.pcscd.enable = true;
+
   modules = {
     hardware.presonus-studio.enable = true;
     services = {

nix/agenix-rekey.nix

@@ -0,0 +1,29 @@
+{
+  inputs,
+  ...
+}:
+{
+  imports = [
+    inputs.agenix-rekey.flakeModule
+  ];
+
+  perSystem =
+    { config, ... }:
+    {
+      agenix-rekey.nixosConfigurations = inputs.self.nixosConfigurations;
+      devshells.default = {
+        commands = [
+          {
+            inherit (config.agenix-rekey) package;
+            help = "Edit, generate, and rekey secrets";
+          }
+        ];
+        env = [
+          {
+            name = "AGENIX_REKEY_ADD_TO_GIT";
+            value = "true";
+          }
+        ];
+      };
+    };
+}