tweak gpg related code

Justfile

@@ -222,7 +222,7 @@ install-config config root:
     sudo just run-with-channels nixos-install -I nixos-config={{ invocation_directory() }}/{{ config }} --root {{ root }} --no-root-passwd
 
 # Switch between gpg-card capable devices which have a copy of the same key
-switch-gpg-card:
+switch-gpg-card key-id="6EEFA706CB17E89B":
     #!/usr/bin/env bash
     #
     # Derived from https://github.com/drduh/YubiKey-Guide/issues/19.
@@ -230,7 +230,11 @@ switch-gpg-card:
     # Connect the new device and then run this script to make it known to gnupg.
     #
     set -xe
-    KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}')
+    if [[ -n "{{key-id}}" ]]; then
+        KEY_ID="{{key-id}}"
+    else
+        KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}')
+    fi
 
     # export pubkey and ownertrust
     gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}"

nix/home-manager/configuration/graphical-fullblown.nix

@@ -105,7 +105,7 @@ in
 
       # Password Management
       gnupg
-      # yubikey-manager
+      yubikey-manager
       yubikey-personalization
       yubikey-personalization-gui
 

nix/home-manager/programs/gpg-agent.nix

@@ -1,11 +1,11 @@
-{ lib, pkgs, ... }:
+{ lib, pkgs, osConfig, ... }:
 {
   home.packages = [ pkgs.gcr ];
 
   programs.gpg.enable = true;
   services.gpg-agent = {
     enable = true;
-    enableScDaemon = true;
+    enableScDaemon = !osConfig.services.pcscd.enable;
     enableSshSupport = true;
     grabKeyboardAndMouse = true;
     pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2;

nix/os/devices/steveej-x13s/configuration.nix

@@ -161,6 +161,11 @@
       ];
     }
 
+    {
+      # yubikey / smartcard. only set to `true` for `ykman piv` commands.
+      services.pcscd.enable = false;
+    }
+
     # TODO: create syncthing os snippet
     (
       let