youthlic/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add fido2 protocol for unlocking luks

Browse source
This commit is contained in:
ulic-youthlic 2025-02-23 22:49:58 +08:00
parent 5b00dac090
commit 46cc773eaa
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
2 changed files with 13 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nixos/configurations/Tytonidae/default.nix
View file

@ -96,6 +96,7 @@
kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
initrd.systemd.enable = true;
}; };
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default

15
nixos/configurations/Tytonidae/disk-config.nix
View file

@ -30,7 +30,10 @@
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
settings = { settings = {
allowDiscards = true; allowDiscards = true;
fallbackToPassword = true; crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
}; };
content = { content = {
type = "swap"; type = "swap";
@ -59,7 +62,10 @@
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
settings = { settings = {
allowDiscards = true; allowDiscards = true;
fallbackToPassword = true; crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
}; };
initrdUnlock = true; initrdUnlock = true;
extraFormatArgs = [ extraFormatArgs = [
@ -93,7 +99,10 @@
passwordFile = "/tmp/secret.key"; passwordFile = "/tmp/secret.key";
settings = { settings = {
allowDiscards = true; allowDiscards = true;
fallbackToPassword = true; crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
}; };
initrdUnlock = true; initrdUnlock = true;
extraFormatArgs = [ extraFormatArgs = [