rexxar: encrypt zu2
parent
e7a1cf462c
commit
b9959b267c
1 changed files with 15 additions and 0 deletions
|
@ -22,12 +22,27 @@
|
||||||
"sd_mod"
|
"sd_mod"
|
||||||
"sr_mod"
|
"sr_mod"
|
||||||
];
|
];
|
||||||
|
systemd.enable = true;
|
||||||
|
systemd.services."zfs-import-zu2" = {
|
||||||
|
after = [ "zfs-import-zboot.service" ];
|
||||||
|
requires = [ "zfs-import-zboot.service" ];
|
||||||
|
|
||||||
|
script = lib.mkBefore ''
|
||||||
|
test -d /sysroot/persist || mount -t zfs zboot/local/root /sysroot
|
||||||
|
test -f /sysroot/persist/zu2-key || mount -t zfs zboot/safe/persist /sysroot/persist
|
||||||
|
ln -s /sysroot/persist /persist
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
security.tpm2.enable = true;
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
hardware.cpu.amd.updateMicrocode = true;
|
hardware.cpu.amd.updateMicrocode = true;
|
||||||
boot.kernelParams = [
|
boot.kernelParams = [
|
||||||
"nomodeset"
|
"nomodeset"
|
||||||
];
|
];
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
clevis
|
||||||
|
];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
|
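Review bot: The added `script` block mounts `zboot/safe/persist` so that `zu2-key` can be read before the import, which means the zu2 key is a plain file on the zboot pool. If zboot is not itself encrypted (not visible in this hunk), anyone holding the disks can unlock zu2. `security.tpm2.enable` and `clevis` in `environment.systemPackages` only affect the booted system, and nothing shown binds the key to the TPM inside the initrd. If TPM binding is the intent, keep only a clevis-sealed copy of the key on disk and unseal it in the initrd, for example through the `boot.initrd.clevis` options. Separately, `ln -s /sysroot/persist /persist` errors or nests a link when `/persist` already exists, and NixOS unit scripts normally run with `set -e`, so `ln -sfn /sysroot/persist /persist` would keep a re-run from aborting the import.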