feat(laptop): optionally unlock disk with fido2

This commit is contained in:
Moritz Böhme 2023-03-13 21:39:44 +01:00
parent b518194ba2
commit ab6cbc0cdc
Signed by: moritz
GPG key ID: 970C6E89EB0547A9

View file

@ -11,9 +11,11 @@
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.initrd.systemd.enable = true;
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154"; device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs"; fsType = "btrfs";
@ -21,6 +23,7 @@
}; };
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8"; boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8";
boot.initrd.luks.devices."enc".crypttabExtraOpts = [ "fido2-device=auto" ];
fileSystems."/log" = { fileSystems."/log" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154"; device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";