diff options
| author | Baitinq <[email protected]> | 2025-03-12 20:00:38 +0100 |
|---|---|---|
| committer | Baitinq <[email protected]> | 2025-03-12 20:00:38 +0100 |
| commit | e7e13bb2510db354d15ac4073e649632a4ab003b (patch) | |
| tree | 490071bfe1f796c77407d4438f5279c04b3bd336 | |
| parent | Home: Packages: Add llm (diff) | |
| download | nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.tar.gz nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.tar.bz2 nixos-config-e7e13bb2510db354d15ac4073e649632a4ab003b.zip | |
Hardware: PC: Add TPM disk unlock
| -rw-r--r-- | hardware/pc/disks.nix | 1 | ||||
| -rw-r--r-- | hosts/configuration.nix | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/hardware/pc/disks.nix b/hardware/pc/disks.nix index 825a9f0..5e9487b 100644 --- a/hardware/pc/disks.nix +++ b/hardware/pc/disks.nix @@ -22,6 +22,7 @@ mkfs.vfat "${HDD}"-part1 mkfs.ext4 "${HDD}"-part2 cryptsetup -q luksFormat "${HDD}"-part3 --type luks2 + systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0 "${HDD}"-part3 cryptsetup open --type luks "${HDD}"-part3 encrypted_root pvcreate /dev/mapper/encrypted_root vgcreate encrypted_root_pool /dev/mapper/encrypted_root diff --git a/hosts/configuration.nix b/hosts/configuration.nix index 0d03971..881e9f2 100644 --- a/hosts/configuration.nix +++ b/hosts/configuration.nix @@ -25,6 +25,7 @@ ]; boot = lib.mkForce { + initrd.systemd.enable = true; loader = { efi = { efiSysMountPoint = "/boot/efi"; @@ -139,6 +140,7 @@ strace fzf powertop + tpm2-tss inputs.deploy-rs.defaultPackage."${system}" ]; |