VSCodium not able to access gpg-agent (yubikey)

kiranshila · June 8, 2024, 3:58am

Hey everyone, I’m new to NixOS and I’ve been having a blast getting my system set up with home manager, but I’ve hit a wall with setting up VSCodium such that it has access to the running gpg-agent and by extension the ssh support for my hardware security token (yubikey).

This means that all of the git porcelain stuff doesn’t seem to work nor does the remote ssh extension. I can git push from the built in terminal but not from the application itself.

For home-manager, I have the following config

programs.gpg = {
  enable = true;
  scdaemonSettings = {
    disable-ccid = true;
  };
  mutableKeys = false;
  mutableTrust = true;
  publicKeys = [
    {
      source = ../../assets/publickey.gpg;
      trust = "ultimate";
    }
  ];
};
services.gpg-agent = {
  enable = true;
  enableSshSupport = true;
  defaultCacheTtl = 60;
  maxCacheTtl = 120;
  pinentryPackage = pkgs.pinentry-qt;
};
programs.ssh.enable;

And in my NixOS config I have

services.pcscd.enable = true;
hardware.gpgSmartcards.enable = true;

Everything works fine in the terminal, but not in VSCodium. Any help would be appreciated.

kiranshila · June 8, 2024, 4:23am

It seems adding

programs.gnupg.agent = {
  enable = true;
  enableSSHSupport = true;
};

to my NixOS config fixed at least git integration, but Remote-SSH does not prompt for a PIN still. That may be more a VSCodium problem though.

fzakaria · June 8, 2024, 4:52am

I want to recommend GitHub - FiloSottile/yubikey-agent: yubikey-agent is a seamless ssh-agent for YubiKeys.
I set it up and it’s been so easy to use.

kiranshila · June 8, 2024, 5:11am

Oh interesting, so this is instead of the gpg->ssh rigmarole?

fzakaria · June 8, 2024, 6:13am

Yea.
I just had to turn off gnome-ring-ssh-agent cause Gnome was turning it on by default and that’s it.

Super straightforward and solid code.