From 9bf77e40af258dc2e353ad409521379604846aca Mon Sep 17 00:00:00 2001
From: ulic-youthlic
Date: Sun, 23 Feb 2025 22:49:58 +0800
Subject: [PATCH] add fido2 protocol for unlocking luks

---
 nixos/configurations/Tytonidae/default.nix | 1 +
 nixos/configurations/Tytonidae/disk-config.nix | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/nixos/configurations/Tytonidae/default.nix b/nixos/configurations/Tytonidae/default.nix
index 0e9a4da..a630ac7 100644
--- a/nixos/configurations/Tytonidae/default.nix
+++ b/nixos/configurations/Tytonidae/default.nix
@@ -96,6 +96,7 @@
 kernelPackages = pkgs.linuxPackages_zen;
 loader.systemd-boot.enable = true;
 loader.efi.canTouchEfiVariables = true;
+ initrd.systemd.enable = true;
 };

 # This value determines the NixOS release from which the default
diff --git a/nixos/configurations/Tytonidae/disk-config.nix b/nixos/configurations/Tytonidae/disk-config.nix
index f43eb7c..6549e97 100644
--- a/nixos/configurations/Tytonidae/disk-config.nix
+++ b/nixos/configurations/Tytonidae/disk-config.nix
@@ -30,7 +30,10 @@
 passwordFile = "/tmp/secret.key";
 settings = {
 allowDiscards = true;
- fallbackToPassword = true;
+ crypttabExtraOpts = [
+ "fido2-device=auto"
+ "token-timeout=10"
+ ];
 };
 content = {
 type = "swap";
@@ -59,7 +62,10 @@
 passwordFile = "/tmp/secret.key";
 settings = {
 allowDiscards = true;
- fallbackToPassword = true;
+ crypttabExtraOpts = [
+ "fido2-device=auto"
+ "token-timeout=10"
+ ];
 };
 initrdUnlock = true;
 extraFormatArgs = [
@@ -93,7 +99,10 @@
 passwordFile = "/tmp/secret.key";
 settings = {
 allowDiscards = true;
- fallbackToPassword = true;
+ crypttabExtraOpts = [
+ "fido2-device=auto"
+ "token-timeout=10"
+ ];
 };
 initrdUnlock = true;
 extraFormatArgs = [
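Review bot: `initrd.systemd.enable = true;` in the default.nix hunk is added without a comment, although it is what lets the `crypttabExtraOpts` set in disk-config.nix take effect, since NixOS honours that option only with systemd stage 1. Someone tidying the boot settings later could drop the line, and the volumes would then presumably stop offering FIDO2 unlock. I would add a comment above it, for example `# systemd stage 1 is required for the fido2-device crypttab options in disk-config.nix`. The enclosing attribute set starts above this hunk.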
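Review bot: The `crypttabExtraOpts` lists in disk-config.nix (the hunk at -30 and the identical ones at -59 and -93) only tell systemd-cryptsetup to look for a token. Nothing visible in these hunks enrols one, and the `passwordFile = "/tmp/secret.key"` context line suggests each volume still gets a passphrase keyslot. Once `token-timeout=10` expires the unlock falls back to a passphrase prompt, so the volumes stay only as strong as that passphrase until the slot is removed or replaced with a recovery key. I would add a comment above each list such as `# FIDO2 slot is enrolled per volume with systemd-cryptenroll after formatting; the passwordFile passphrase remains a valid fallback`. The list could also be bound once in a `let` and reused so the three volumes cannot drift apart; the enclosing attribute sets begin and end outside these hunks.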