nftable-migration
1{
2 lib,
3 hardwareType,
4 pkgs,
5 ...
6}:
7let
8 # Detect if we are building RPI4 host, because RPI4 doesn't have TPM support
9 isRPI4 = hardwareType == "rpi4";
10in
11{
12 environment.systemPackages =
13 if isRPI4 then
14 [ ]
15 else
16 with pkgs;
17 [
18 tpm2-tss
19 ];
20 security = lib.mkIf (!isRPI4) {
21 tpm2 = {
22 enable = true;
23 pkcs11.enable = true;
24 abrmd.enable = true;
25 };
26 };
27}