22 lines
595 B
Nix
22 lines
595 B
Nix
{ config, pkgs, lib, ... }:
|
|
with lib;
|
|
let cfg = config.custom.hardware.tpm;
|
|
in {
|
|
options.custom.hardware.tpm = { enable = mkEnableOption "Enables tpm"; };
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
security.tpm2 = {
|
|
enable = true;
|
|
# expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
|
pkcs11.enable = true;
|
|
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
|
tctiEnvironment.enable = true;
|
|
};
|
|
|
|
#tss group has access to TPM devices
|
|
users.users.${config.mainUser.name}.extraGroups = [ "tss" ];
|
|
environment.systemPackages = with pkgs; [ tpm2-tools ];
|
|
};
|
|
}
|