config

commit b4eee91f31ca0695509d27e96d8434ff02be829d (tree)
parent 2b18b37145e74d99a17d7c75532f85af23744aad
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Tue, 23 Jul 2024 22:15:02 +0300

adding recovery key

Diffstat:
M
hosts/fwminex/configuration.nix
 | 
11
++++++-----

1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
@@ -15,16 +15,17 @@ in {
     kernelModules = ["kvm-intel"];
     loader.systemd-boot.enable = true;
     initrd = {
+      kernelModules = ["usb_storage"];
       availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid" "tpm_tis"];
-      systemd = {
-        enableTpm2 = true;
-        emergencyAccess = true;
-      };
+      systemd.enableTpm2 = true;
       luks.devices = {
         luksroot = {
           device = "${nvme}-part3";
           allowDiscards = true;
-          crypttabExtraOpts = ["tpm2-device=auto"];
+          #crypttabExtraOpts = ["tpm2-device=auto"]; # WIP
+          keyFileOffset = 9728;
+          keyFileSize = 512;
+          keyFile = "/dev/sda";
         };
       };
     };