aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-06 01:38:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[Security/TPM] init TPM config

Browse source
This commit is contained in:
Antoine Viallon 2023-08-10 16:22:28 +02:00
parent ecca71149a
commit 883e4585b2
Signed by: aviallon
GPG key ID: 186FC35EDEB25716
2 changed files with 26 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
security/default.nix
View file

@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./hardening.nix ./hardening.nix
./tpm.nix
./encryption.nix ./encryption.nix
]; ];
} }

25
security/tpm.nix Normal file
View file

@ -0,0 +1,25 @@
{config, pkgs, lib, ...}:
with lib;
let
cfg = config.aviallon.security.tpm;
in {
options.aviallon.security.tpm = {
enable = (mkEnableOption "TPM") // { default = true; };
tpm1_2.enable = mkEnableOption "TPM 1.2 support";
};
config = mkIf cfg.enable {
security.tpm2 = {
enable = true;
tctiEnvironment.enable = true;
pkcs11.enable = true;
};
environment.systemPackages = [
pkgs.tpm2-tools
] ++ optional cfg.tpm1_2.enable pkgs.tpm-tools;
services.tcsd = mkIf cfg.tpm1_2.enable {
enable = true;
};
};
}