add fido2 protocol for unlocking luks

nixos/configurations/Tytonidae/default.nix

@@ -96,6 +96,7 @@
     kernelPackages = pkgs.linuxPackages_zen;
     loader.systemd-boot.enable = true;
     loader.efi.canTouchEfiVariables = true;
+    initrd.systemd.enable = true;
   };
 
   # This value determines the NixOS release from which the default

nixos/configurations/Tytonidae/disk-config.nix

@@ -30,7 +30,10 @@
                 passwordFile = "/tmp/secret.key";
                 settings = {
                   allowDiscards = true;
-                  fallbackToPassword = true;
+                  crypttabExtraOpts = [
+                    "fido2-device=auto"
+                    "token-timeout=10"
+                  ];
                 };
                 content = {
                   type = "swap";
@@ -59,7 +62,10 @@
                 passwordFile = "/tmp/secret.key";
                 settings = {
                   allowDiscards = true;
-                  fallbackToPassword = true;
+                  crypttabExtraOpts = [
+                    "fido2-device=auto"
+                    "token-timeout=10"
+                  ];
                 };
                 initrdUnlock = true;
                 extraFormatArgs = [
@@ -93,7 +99,10 @@
                 passwordFile = "/tmp/secret.key";
                 settings = {
                   allowDiscards = true;
-                  fallbackToPassword = true;
+                  crypttabExtraOpts = [
+                    "fido2-device=auto"
+                    "token-timeout=10"
+                  ];
                 };
                 initrdUnlock = true;
                 extraFormatArgs = [