systemd: fix target handling and script for pcscd

2026-02-22 21:05:44 +08:00 · 2026-01-29 20:26:30 +00:00 · 2026-01-29 20:26:30 +00:00 · dae3f7896f
commit dae3f7896f
parent 83f259f34f
1 changed files with 11 additions and 4 deletions
--- a/modules/home-manager/sops.nix
+++ b/modules/home-manager/sops.nix
@ -420,23 +420,30 @@ in
            # Ensure pcscd is available for YubiKey communication.
            # When pcscd.socket is enabled, systemd creates /run/pcscd/pcscd.comm
            # and starts pcscd.service on-demand when the socket is accessed.
-            
-            for i in $(seq 1 30); do
+
+            i=0
+            while [ $i -lt 30 ]; do
              # Check if the pcscd socket file exists - this is the most reliable check
              # and doesn't require D-Bus access
              if [ -e /run/pcscd/pcscd.comm ]; then
                exit 0
              fi
              sleep 0.2
+              i=$((i + 1))
            done
-            
+
            echo "Warning: pcscd socket not found at /run/pcscd/pcscd.comm" >&2
            echo "YubiKey decryption may fail. Ensure services.pcscd.enable = true" >&2
          ''}"
        ];
      };
      Install.WantedBy =
-        if cfg.gnupg.home != null then [ "graphical-session-pre.target" ] else [ "default.target" ];
+        # When pcscd is required, we need to wait for the graphical session to be active
+        # so that polkit recognizes it as an active session and allows pcscd access.
+        # Otherwise, we run at default.target for faster boot times.
+        if cfg.gnupg.home != null || cfg.age.requirePcscd
+        then [ "graphical-session-pre.target" ]
+        else [ "default.target" ];
    };

    # Darwin: load secrets once on login