From a7e27be92fca68530adfbbccb235bcd7cc9e6946 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 26 Jul 2025 13:43:39 +0200
Subject: [PATCH] feat(stolas): enable TPM2 LUKS keyslot

---
 nixos/stolas/disks.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix
index 5d48d17..2fc727e 100644
--- a/nixos/stolas/disks.nix
+++ b/nixos/stolas/disks.nix
@@ -33,7 +33,10 @@
                 #passwordFile = "/tmp/secret.key"; # Interactive
                 settings = {
                   allowDiscards = true;
-                  #keyFile = "/tmp/secret.key";
+                  crypttabExtraOpts = [
+                    "tpm2-device=auto"
+                    "tpm2-pin=yes"
+                  ];
                 };
                 #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
                 content = {