trivionomicon/modules/athena-bccr/sys.nix

{
  pkgs,
  lib,
  cfg,
  doctrine,
  ...
}: let
  athena = pkgs.${doctrine.prefix}.athena-bccr.${cfg.release};
in {
  environment = {
    etc = {
      "Athena".source = "${athena.ase-pkcs11}/etc/Athena";

      "pkcs11/modules/asep11".text = ''
        module: ${athena.libasep11}
      '';
    };

    systemPackages = [athena.ase-pkcs11];
  };

  #FIXME: Extremadamente peligroso si BCCR o MICITT caen, investigar política nacional de root CA
  security.pki.certificateFiles = ["${athena.bccr-cacerts}/root-ca.pem"];

  services = {
    pcscd.enable = true;

    udev.extraRules = ''
      # Athena Smartcard Solutions, Inc. ASEDrive V3CR
      ATTRS{idVendor}=="0dc3", ATTRS{idProduct}=="1004", MODE="660", GROUP="${cfg.group}", TAG+="uaccess"
    '';
  };

  users.groups.${cfg.group} = {};
}