secrets overhaul: use tpm for laptop (need to migrate desktop later)
@@ -19,7 +19,7 @@
|
||||
../../modules/zfs.nix
|
||||
../../modules/server-impermanence.nix
|
||||
../../modules/usb-secrets.nix
|
||||
../../modules/age-secrets.nix
|
||||
../../modules/server-age-secrets.nix
|
||||
../../modules/server-lanzaboote-agenix.nix
|
||||
../../modules/no-rgb.nix
|
||||
../../modules/server-security.nix
|
||||
|
||||
@@ -12,6 +12,14 @@
|
||||
"/var/lib/systemd/coredump"
|
||||
"/var/lib/nixos"
|
||||
"/var/lib/systemd/timers"
|
||||
# agenix identity sealed by the TPM. Must survive the tmpfs root
|
||||
# wipe so decryption at activation finds the right handle.
|
||||
{
|
||||
directory = "/var/lib/agenix";
|
||||
mode = "0700";
|
||||
user = "root";
|
||||
group = "root";
|
||||
}
|
||||
];
|
||||
|
||||
files = [
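Review bot: The comment on the new `/var/lib/agenix` entry says the directory must exist when "decryption at activation" runs, but persisting it through the impermanence `directories` list only helps if the bind mount is in place before the activation script executes; on a tmpfs root that means the backing persistent filesystem has to be `neededForBoot` so the mount happens in the initrd, otherwise the handle lookup fails on the first boot after a wipe — confirm this against the filesystem definitions, which are outside the hunk. The entry's `mode = "0700"` and root ownership are the only protection on this path, so the comment should also pin down what is allowed to live there: `# Only the TPM-sealed blob lives here; never a plaintext age identity, since this dataset persists across wipes.` The `directories` list and its enclosing attribute set begin above the hunk.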
|
||||
|
||||