From 3a53587c2ab06ecc0082a0c564a214b81a8bde54 Mon Sep 17 00:00:00 2001
From: Klemens Nanni <klemens@posteo.de>
Date: Mon, 23 May 2022 01:52:51 +0200
Subject: feat(ops/modules/open_eid.nix): Access all key slots

`onepin-opensc-pkcs11.so` only enables PIN1, but PIN2 is also required.

Change-Id: Ic1c34ca58a46c2978c7e27e7a9b7e6a4d335ac0c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5648
Tested-by: BuildkiteCI
Reviewed-by: flokli <flokli@flokli.de>
Reviewed-by: kn <klemens@posteo.de>
Reviewed-by: tazjin <tazjin@tvl.su>
---
 ops/modules/open_eid.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ops/modules/open_eid.nix b/ops/modules/open_eid.nix
index 4a48a09a6c..4bc35e298c 100644
--- a/ops/modules/open_eid.nix
+++ b/ops/modules/open_eid.nix
@@ -23,9 +23,10 @@ in
 {
   services.pcscd.enable = true;
 
-  # Tell p11-kit to load onepin-opensc-pkcs11.so
-  environment.etc."pkcs11/modules/onepin-opensc-pkcs11".text = ''
-    module: ${pkgs.opensc}/lib/onepin-opensc-pkcs11.so
+  # Tell p11-kit to load/proxy opensc-pkcs11.so, providing all available slots
+  # (PIN1 for authentication/decryption, PIN2 for signing).
+  environment.etc."pkcs11/modules/opensc-pkcs11".text = ''
+    module: ${pkgs.opensc}/lib/opensc-pkcs11.so
   '';
 
   environment.systemPackages = with pkgs; [
-- 
cgit 1.4.1