system/tpm.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

{
  lib,
  config,
  ...
}: let
  inherit (lib) mkIf;
  cfg = config.tpm;
in {
  config = mkIf cfg.enable {
    security.tpm2.enable = true;
    security.tpm2.pkcs11.enable = true;
    security.tpm2.tctiEnvironment.enable = true;
    users.groups.tss.members = [config.user];
  };
}