feat(ops/modules/open_eid.nix): Access all key slots r/4115

`onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required. Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: kn <klemens@posteo.de> Reviewed-by: tazjin <tazjin@tvl.su>
author: Klemens Nanni <klemens@posteo.de> 2022-05-22T23·52+0200
committer: kn <klemens@posteo.de> 2022-05-25T20·38+0000
commit: 3a53587c2ab06ecc0082a0c564a214b81a8bde54 (patch)
tree: 030a0f4544c0e9b71ed6014885624922982c4db8 /ops/modules
parent: 45c46d4a73910f4712a687238dbef3ee195e9404 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/ops/modules/open_eid.nix b/ops/modules/open_eid.nix
index 4a48a09a6c9a..4bc35e298c89 100644
--- a/ops/modules/open_eid.nix
+++ b/ops/modules/open_eid.nix
@@ -23,9 +23,10 @@ in
 {
   services.pcscd.enable = true;
 
-  # Tell p11-kit to load onepin-opensc-pkcs11.so
-  environment.etc."pkcs11/modules/onepin-opensc-pkcs11".text = ''
-    module: ${pkgs.opensc}/lib/onepin-opensc-pkcs11.so
+  # Tell p11-kit to load/proxy opensc-pkcs11.so, providing all available slots
+  # (PIN1 for authentication/decryption, PIN2 for signing).
+  environment.etc."pkcs11/modules/opensc-pkcs11".text = ''
+    module: ${pkgs.opensc}/lib/opensc-pkcs11.so
   '';
 
   environment.systemPackages = with pkgs; [
author	Klemens Nanni <klemens@posteo.de>	2022-05-22T23·52+0200
committer	kn <klemens@posteo.de>	2022-05-25T20·38+0000
commit	3a53587c2ab06ecc0082a0c564a214b81a8bde54 (patch)
tree	030a0f4544c0e9b71ed6014885624922982c4db8 /ops/modules
parent	45c46d4a73910f4712a687238dbef3ee195e9404 (diff)