feat(stolas): enable TPM2 LUKS keyslot

2025-07-26 13:43:39 +02:00 · 2025-07-26 13:43:39 +02:00 · 77cdf773c0
commit 77cdf773c0
parent 215f4313bd
2 changed files with 6 additions and 2 deletions
--- a/nixos/stolas/default.nix
+++ b/nixos/stolas/default.nix
@ -32,6 +32,8 @@
        "usb_storage"
        "sd_mod"
      ];
+      # Ensure that TPM module is loaded
+      kernelModules = [ "tpm" ];
    };
  };

--- a/nixos/stolas/disks.nix
+++ b/nixos/stolas/disks.nix
@ -30,10 +30,12 @@
              content = {
                type = "luks";
                name = "crypted";
-                #passwordFile = "/tmp/secret.key"; # Interactive
                settings = {
                  allowDiscards = true;
-                  #keyFile = "/tmp/secret.key";
+                  crypttabExtraOpts = [
+                    "tpm2-device=auto"
+                    "tpm2-pin=true"
+                  ];
                };
                #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
                content = {