rexxar: encrypt zu2
This commit is contained in:
parent
e7a1cf462c
commit
b9959b267c
1 changed files with 15 additions and 0 deletions
|
@ -22,12 +22,27 @@
|
|||
"sd_mod"
|
||||
"sr_mod"
|
||||
];
|
||||
systemd.enable = true;
|
||||
systemd.services."zfs-import-zu2" = {
|
||||
after = [ "zfs-import-zboot.service" ];
|
||||
requires = [ "zfs-import-zboot.service" ];
|
||||
|
||||
script = lib.mkBefore ''
|
||||
test -d /sysroot/persist || mount -t zfs zboot/local/root /sysroot
|
||||
test -f /sysroot/persist/zu2-key || mount -t zfs zboot/safe/persist /sysroot/persist
|
||||
ln -s /sysroot/persist /persist
|
||||
'';
|
||||
};
|
||||
};
|
||||
security.tpm2.enable = true;
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
boot.kernelParams = [
|
||||
"nomodeset"
|
||||
];
|
||||
environment.systemPackages = with pkgs; [
|
||||
clevis
|
||||
];
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
|
Loading…
Reference in a new issue