commit aca684973821c83c97778095f9d61ea5ad8d4edb Author: Andrey Golovizin Date: Sun Dec 18 13:40:43 2022 +0100 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c4a847d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/result
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..4c8d6f5
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,26 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1671200928,
+ "narHash": "sha256-mZfzDyzojwj6I0wyooIjGIn81WtGVnx6+avU5Wv+VKU=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "757b82211463dd5ba1475b6851d3731dfe14d377",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-unstable",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..ead1d0c
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,17 @@
+{
+ description = "Soft U2F";
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-unstable";
+ };
+
+ outputs = { self, nixpkgs }:
+ let
+ softu2f = system: nixpkgs.legacyPackages.${system}.callPackage ./softu2f.nix { };
+ in
+ {
+ packages."x86_64-linux".softu2f = softu2f "x86_64-linux";
+ defaultPackage."x86_64-linux" = self.packages."x86_64-linux".softu2f;
+ nixosModules.softu2f = import ./module.nix;
+ nixosModule = self.nixosModules.softu2f;
+ };
+}
diff --git a/module.nix b/module.nix
new file mode 100644
index 0000000..e84d268
--- /dev/null
+++ b/module.nix
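Review bot: In flake.nix, `nixosModules.softu2f = import ./module.nix;` hands out a module that builds the daemon with the consuming system's `pkgs` (module.nix calls `pkgs.callPackage ./softu2f.nix { }`), so the binary the service runs is not tied to the nixpkgs revision pinned in flake.lock and can differ from `packages."x86_64-linux".softu2f`. Since this is an authenticator daemon, say so above that line, e.g. `# module.nix builds softu2f from the host's pkgs, not from this flake's locked nixpkgs`, or give the module a package option that defaults to the flake's own package. `defaultPackage` and `nixosModule` are also deprecated output names in current Nix; `packages.<system>.default` and `nixosModules.default` are the replacements.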
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.services.softu2f;
+ softu2f = pkgs.callPackage ./softu2f.nix { };
+in
+{
+ options.services.softu2f = {
+ enable = lib.mkEnableOption "Enables the softu2f service";
+ };
+ config = lib.mkIf cfg.enable {
+ systemd.sockets.softu2f = {
+ wantedBy = [ "sockets.target" ];
+ socketConfig = {
+ ListenStream = "/run/softu2f/softu2f.sock";
+ };
+ };
+ systemd.services.softu2f = {
+ description = "Software-only U2F Emulation Service";
+ wants = [ "softu2f.socket" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${softu2f}/bin/softu2f-system-daemon";
+ PrivateNetwork = "yes";
+ PrivateTmp = "true";
+ };
+ };
+ systemd.user.services.softu2f = {
+ description = "Software-only U2F Emulation Service";
+ wantedBy = [ "default.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${softu2f}/bin/softu2f-user-daemon";
+ NoNewPrivileges = "true";
+ PrivateTmp = "true";
+ };
+ };
+ };
+}
diff --git a/softu2f.nix b/softu2f.nix
new file mode 100644
index 0000000..886505a
--- /dev/null
+++ b/softu2f.nix
@@ -0,0 +1,14 @@
+{ fetchFromGitHub, rustPlatform, openssl, dbus, udev, pkg-config }:
+rustPlatform.buildRustPackage {
+ pname = "softu2f";
+ version = "20221218-git";
+ src = fetchFromGitHub {
+ owner = "danstiner";
+ repo = "rust-u2f";
+ rev = "da1a256e804395588c21c0dd9891310506746e7a";
+ sha256 = "sha256-Ci1X7Gi1+sL7sPXcPiIjAHDJOO8SmDD9GRajdv6tm0o=";
+ };
+ cargoSha256 = "sha256-LrO7zW5+BcuxoGfNe2UW8q65GAhVeVyLoPC60htIt8k=";
+ buildInputs = [ openssl dbus udev ];
+ nativeBuildInputs = [ pkg-config rustPlatform.bindgenHook ];
+}
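Review bot: In module.nix, `systemd.services.softu2f` sets no `User`, so `softu2f-system-daemon` runs as root with only `PrivateNetwork` and `PrivateTmp` as confinement, and unlike the user unit it does not set `NoNewPrivileges`. The socket unit also leaves `SocketMode` at systemd's default of 0666, so every local account can connect to `/run/softu2f/softu2f.sock`; whether the daemon checks peer credentials is not visible in this commit, so the module should either restrict the socket or carry a comment stating why the open mode is safe. I would tighten the system unit's `serviceConfig` as sketched below, on the assumption that the daemon needs only `/dev/uhid` and the inherited socket; that assumption has to be tested against the real daemon before merging.

```nix
serviceConfig = {
  # … unchanged: Type, ExecStart, PrivateNetwork, PrivateTmp …
  NoNewPrivileges = "true";
  ProtectSystem = "strict";
  ProtectHome = "true";
  DevicePolicy = "closed";
  DeviceAllow = "/dev/uhid rw";
```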