-rw-r--r-- | modules/options.nix | 3 | ||||
-rw-r--r-- | system/default.nix | 1 | ||||
-rw-r--r-- | system/tpm.nix | 14 |
3 files changed, 18 insertions, 0 deletions
diff --git a/modules/options.nix b/modules/options.nix
index 0c7b78f..2571b9c 100644
--- a/modules/options.nix
+++ b/modules/options.nix
@@ -225,6 +225,9 @@ in {
 network = mkEnableOption {
 description = "Install networking system services and programs.";
 };
+ tpm = mkEnableOption {
+ description = "Enable system TPM";
+ };
 minimal = mkEnableOption {
 description = "Install only required system services, drivers, and programs.";
 };
diff --git a/system/default.nix b/system/default.nix
index c779678..e3b7c66 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -12,6 +12,7 @@
 ./hardware.nix
 ./networking.nix
 ./sshd.nix
+ ./tpm.nix
 ];
 
 # allow flakes
diff --git a/system/tpm.nix b/system/tpm.nix
new file mode 100644
index 0000000..c7507da
--- /dev/null
+++ b/system/tpm.nix
@@ -0,0 +1,14 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ inherit (lib) mkIf;
+in {
+ config = mkIf config.tpm {
+ security.tpm2.enable = true;
+ security.tpm2.pkcs11.enable = true;
+ security.tpm2.tctiEnvironment.enable = true;
+ users.groups.tss.members = [config.user];
+ };
+}
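Review bot: The description `"Enable system TPM"` on the new `tpm` option understates what the option does, since (per system/tpm.nix in this same commit) enabling it also turns on the tpm2 PKCS#11 module, sets the TCTI environment variables, and adds the primary user to the `tss` group. A description that names those effects lets a reader of the option know they are granting user-level TPM access, e.g. `description = "Enable TPM 2.0 support (tpm2-tss, PKCS#11 module, TCTI environment) and add the primary user to the tss group.";`. The surrounding option set continues outside the hunk.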
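Review bot: `users.groups.tss.members = [config.user];` in system/tpm.nix puts the primary user into the group the tpm2 module uses for TPM device access, so that user gets direct access to the TPM device nodes rather than only through the PKCS#11 module; nothing in the file says this is deliberate. Add a comment on that line making the privilege grant explicit, e.g. `# tss membership gives this user direct access to the TPM device nodes (needed for tpm2-pkcs11 / tpm2 tooling run as the user)`. The assignment also assumes `config.user` is a single username string declared elsewhere in the module set; that declaration is not in this diff, so it is worth confirming the option is not a list or an attribute set. `tctiEnvironment.enable` exports the TCTI settings system-wide rather than per user, which is presumably intended but could be noted alongside.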