From b4eee91f31ca0695509d27e96d8434ff02be829d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Tue, 23 Jul 2024 22:15:02 +0300
Subject: [PATCH] adding recovery key

---
 hosts/fwminex/configuration.nix | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index b2122d6..d67736d 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -15,16 +15,17 @@ in {
     kernelModules = ["kvm-intel"];
     loader.systemd-boot.enable = true;
     initrd = {
+      kernelModules = ["usb_storage"];
       availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "tpm_tis"];
-      systemd = {
-        enableTpm2 = true;
-        emergencyAccess = true;
-      };
+      systemd.enableTpm2 = true;
       luks.devices = {
         luksroot = {
           device = "${nvme}-part3";
           allowDiscards = true;
-          crypttabExtraOpts = ["tpm2-device=auto"];
+          #crypttabExtraOpts = ["tpm2-device=auto"]; # WIP
+          keyFileOffset = 9728;
+          keyFileSize = 512;
+          keyFile = "/dev/sda";
         };
       };
     };