hosts: desktop add TPM

2023-05-19 10:03:23 +02:00 · 2023-05-19 10:03:23 +02:00 · c1ccbc809b
commit c1ccbc809b
parent c313a73db9
1 changed files with 11 additions and 5 deletions
--- a/hosts/configuration_desktop.nix
+++ b/hosts/configuration_desktop.nix
@ -20,7 +20,7 @@

  users.users.${user} = {                   # System User
    isNormalUser = true;
-    extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" ];
+    extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" "tss" ];
    shell = pkgs.zsh;                       # Default shell
    uid = 2000;
 #    initialPassword = "password95";
@ -31,7 +31,6 @@
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
    ];
  };
-  #security.sudo.wheelNeedsPassword = true; # User does not need to give password when using sudo.

  time.timeZone = "Europe/Berlin";        # Time zone and internationalisation
  i18n = {
@ -47,10 +46,17 @@
    keyMap = "us";	                    # or us/azerty/etc
  };

-  security.rtkit.enable = true;
-  security.pki.certificateFiles = [
+  security = {
+    rtkit.enable = true;
+    pki.certificateFiles = [
      ./rootCA.pem
-  ];
+    ];
+    tpm2 = {
+        enable = true;
+        pkcs11.enable = true;
+        tctiEnvironment.enable = true;
+      };
+  };

  sound = {                                 # ALSA sound enable
    enable = true;