diff --git a/Justfile b/Justfile index 3521e0b..414e736 100755 --- a/Justfile +++ b/Justfile @@ -222,7 +222,7 @@ install-config config root: sudo just run-with-channels nixos-install -I nixos-config={{ invocation_directory() }}/{{ config }} --root {{ root }} --no-root-passwd # Switch between gpg-card capable devices which have a copy of the same key -switch-gpg-card: +switch-gpg-card key-id="6EEFA706CB17E89B": #!/usr/bin/env bash # # Derived from https://github.com/drduh/YubiKey-Guide/issues/19. @@ -230,7 +230,11 @@ switch-gpg-card: # Connect the new device and then run this script to make it known to gnupg. # set -xe - KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}') + if [[ -n "{{key-id}}" ]]; then + KEY_ID="{{key-id}}" + else + KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}') + fi # export pubkey and ownertrust gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}" diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index d5b69c2..ec6e88a 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -105,7 +105,7 @@ in # Password Management gnupg - # yubikey-manager + yubikey-manager yubikey-personalization yubikey-personalization-gui diff --git a/nix/home-manager/programs/gpg-agent.nix b/nix/home-manager/programs/gpg-agent.nix index 41ab604..b81c150 100644 --- a/nix/home-manager/programs/gpg-agent.nix +++ b/nix/home-manager/programs/gpg-agent.nix @@ -1,11 +1,11 @@ -{ lib, pkgs, ... }: +{ lib, pkgs, osConfig, ... }: { home.packages = [ pkgs.gcr ]; programs.gpg.enable = true; services.gpg-agent = { enable = true; - enableScDaemon = true; + enableScDaemon = !osConfig.services.pcscd.enable; enableSshSupport = true; grabKeyboardAndMouse = true; pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2; 
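Review bot: The new default `key-id="6EEFA706CB17E89B"` on the `switch-gpg-card` header means the card-detection branch added in the next hunk only runs when the caller explicitly passes an empty string, so a plain `just switch-gpg-card` now acts on the hard-coded key whatever card is inserted. If detection from the card should stay the default, `switch-gpg-card key-id="":` keeps both paths reachable. Otherwise the comment above the recipe should say that the key id is fixed by default and that `just switch-gpg-card ""` falls back to detection. The recipe body continues outside this hunk.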
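Review bot: `{{key-id}}` is pasted into the script text by just before bash parses it, in both the `[[ -n "{{key-id}}" ]]` test and the `KEY_ID="{{key-id}}"` assignment, so the argument is not handled as data and a mistyped value flows straight into `gpg2 --export` and the output file name. A format check right after the `fi` would stop the recipe before it touches the keyring, e.g. `[[ "${KEY_ID}" =~ ^[0-9A-F]{16}$ ]] || { echo "unexpected key id: ${KEY_ID}" >&2; exit 1; }`. Passing the value through just's positional arguments instead of interpolation would keep it out of the script source altogether. The rest of the recipe is outside the hunk, so what later steps do with `KEY_ID` cannot be confirmed from here.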
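Review bot: `enableScDaemon = !osConfig.services.pcscd.enable;` has no comment, and the reason for the coupling is only recorded in a device file elsewhere in this commit. A line such as `# scdaemon and pcscd both want the smartcard; run scdaemon only when the host does not run pcscd` above it would make the setting self-explanatory. Two consequences are worth stating there as well. `enableSshSupport` stays `true`, so card-backed SSH and GPG operations presumably stop working on any host that turns pcscd on. And `osConfig` is, as far as I know, only supplied when home-manager is evaluated as a NixOS module, so this file would no longer evaluate in a standalone home-manager setup.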
diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 316dc8d..d5c9475 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -161,6 +161,11 @@ ]; } + { + # yubikey / smartcard. only set to `true` for `ykman piv` commands. + services.pcscd.enable = false; + } + # TODO: create syncthing os snippet ( let
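Review bot: The comment on `services.pcscd.enable = false;` says when to flip the switch but not what flipping it costs. Since `nix/home-manager/programs/gpg-agent.nix` in this same commit derives `enableScDaemon` from this option, I would add a second comment line such as `# setting this to true also disables gpg-agent's scdaemon (see nix/home-manager/programs/gpg-agent.nix)`. That way whoever enables pcscd for a `ykman piv` session knows that GPG and SSH access to the card is expected to be unavailable until it is set back.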