cswimr/flake
cswimr/flake
Template
1
1
Fork 0
Code Issues 1 Pull requests Activity

encrypt ssh private keys with the tpm

Browse source
This commit is contained in:
Seaswimmer 2024-12-03 16:40:01 -05:00
parent 0291524082
commit d5db083507
Signed by: cswimr
GPG key ID: 0EC431A8DA8F8087
3 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -69,6 +69,7 @@
./nixos/sudo.nix ./nixos/sudo.nix
./nixos/symlinks.nix ./nixos/symlinks.nix
./nixos/tailscale.nix ./nixos/tailscale.nix
./nixos/tpm.nix
{ {
# enable bluetooth # enable bluetooth
@ -97,6 +98,7 @@
users.${user} = { users.${user} = {
imports = [ imports = [
./home-manager/plasma.nix ./home-manager/plasma.nix
./home-manager/tpm.nix
./home-manager/user.nix ./home-manager/user.nix
./home-manager/vscode.nix ./home-manager/vscode.nix
{ {

5
home-manager/tpm.nix Normal file
View file

@ -0,0 +1,5 @@
{
programs.ssh.extraConfig = ''
PKCS11Provider = /run/current-system/sw/lib/libtpm2_pkcs11.so
'';
}

9
nixos/tpm.nix Normal file
View file

@ -0,0 +1,9 @@
{ user, ... }:
{
security.tpm2 = {
enable = true;
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
users.users.${user}.extraGroups = [ "tss" ];
}