break out + ssh unlock

2026-04-07 20:37:56 +02:00
parent 76b7441884
commit 8ede23da35
6 changed files with 82 additions and 12 deletions
@@ -0,0 +1,13 @@
+{ ... }:
+{
+  boot.initrd.luks.devices.cryptroot.crypttabExtraOpts = [
+    "tpm2-device=auto"
+    "tpm2-pcrs=7"
+  ];
+
+  security.tpm2 = {
+    enable = true;
+    pkcs11.enable = true;
+    tctiEnvironment.enable = true;
+  };
+}