flake/nixos/tpm.nix

{ user, lib, pkgs, ... }:
{
  environment.variables = {
    TPM2_PKCS11_TCTI = lib.mkDefault "tabrmd:";
  };
  security.tpm2 = {
    enable = true;
    pkcs11.enable = true;
    tctiEnvironment.enable = true;
  };
  users.users.${user}.extraGroups = [ "tss" ];

  # secure boot configuration
  environment.systemPackages = with pkgs; [
    sbctl
  ];
}
set up secure boot on eclipse and do some tpm stuff 2024-12-04 16:09:14 -05:00			`{ user, lib, pkgs, ... }:`
encrypt ssh private keys with the tpm 2024-12-03 16:40:01 -05:00			`{`
set up secure boot on eclipse and do some tpm stuff 2024-12-04 16:09:14 -05:00			`environment.variables = {`
			`TPM2_PKCS11_TCTI = lib.mkDefault "tabrmd:";`
			`};`
encrypt ssh private keys with the tpm 2024-12-03 16:40:01 -05:00			`security.tpm2 = {`
			`enable = true;`
			`pkcs11.enable = true;`
			`tctiEnvironment.enable = true;`
			`};`
			`users.users.${user}.extraGroups = [ "tss" ];`
set up secure boot on eclipse and do some tpm stuff 2024-12-04 16:09:14 -05:00
			`# secure boot configuration`
			`environment.systemPackages = with pkgs; [`
			`sbctl`
			`];`
encrypt ssh private keys with the tpm 2024-12-03 16:40:01 -05:00			`}`