Commit cf53d29d4442

Vincent Demeester <vincent@sbr.pm>
2025-01-06 17:09:31
systems: trying out to enable tpm2 on few machines…
… to try things out first. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 9a9a973
systems/hosts/aomi.nix
@@ -251,5 +251,11 @@ in
   };
   nix.trustedUsers = [ "root" "vincent" "builder" ];
 
-  security.pam.enableSSHAgentAuth = true;
+  security = {
+    tpm2 = {
+      enable = true;
+      pkcs11.enable = true;
+    };
+    pam.enableSSHAgentAuth = true;
+  };
 }
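Review bot: The new `security.tpm2` block carries no comment saying what is meant to consume the PKCS#11 token, even though the message calls this a trial, and the same six lines are duplicated verbatim in systems/hosts/wakasu.nix. A comment such as `# trial: TPM-backed PKCS#11 token (tpm2-pkcs11); drop or move to a shared profile once settled` above `tpm2 = {` would record the intent, and since users/vincent/default.nix already keys on `config.security.tpm2.enable`, a shared module would keep the two hosts from drifting. If the tools or the PKCS#11 module are expected to find the TPM without per-user TCTI configuration, `security.tpm2.tctiEnvironment.enable` is the option that sets that up; it appears unset here, though only the lines in the hunk are visible. The enclosing attribute set starts before the hunk.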
systems/hosts/wakasu.nix
@@ -157,6 +157,12 @@ in
   ];
 
   location.provider = "geoclue2";
+  security = {
+    tpm2 = {
+      enable = true;
+      pkcs11.enable = true;
+    };
+  };
   services = {
     geoclue2.enable = true;
     # clight = {
users/vincent/default.nix
@@ -29,7 +29,8 @@ in
       ++ optionals config.virtualisation.docker.enable [ "docker" ]
       ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
       ++ optionals config.modules.virtualisation.libvirt.enable [ "libvirtd" ]
-      ++ optionals config.services.nginx.enable [ "nginx" ];
+      ++ optionals config.services.nginx.enable [ "nginx" ]
+      ++ optionals config.security.tpm2.enable [ "tss" ];
     shell = mkIf config.programs.zsh.enable pkgs.zsh;
     isNormalUser = true;
     openssh.authorizedKeys.keys = authorizedKeys
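Review bot: Adding the user to `tss` whenever `security.tpm2.enable` is set grants membership of the group that, as far as I know, the tpm2 module's default udev rules use for the TPM device nodes, so the user session gets direct access to the TPM rather than going through a mediating daemon; that is a deliberate trust decision and deserves a why-comment, e.g. `# tss: direct TPM device access for tpm2-pkcs11 (see security.tpm2 on the host)`. If the only intended consumer is the PKCS#11 module, it is worth checking whether the resource-manager daemon (`security.tpm2.abrmd.enable`) would let the user reach the TPM without owning the device nodes; I cannot tell from this hunk which is meant. The `extraGroups` list begins outside the hunk.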