27 lines
596 B
Nix
27 lines
596 B
Nix
|
{ username, pkgs, ... }: {
|
||
|
|
security = {
|
||
|
|
doas = {
|
||
|
|
enable = true;
|
||
|
|
wheelNeedsPassword = true;
|
||
|
|
};
|
||
|
|
sudo.enable = false;
|
||
|
|
|
||
|
|
# polkit.enable = lib.mkForce false;
|
||
|
|
polkit.enable = true;
|
||
|
|
};
|
||
|
|
|
||
|
|
|
||
|
|
n.misc.aliases.sudo = "doas";
|
||
|
|
|
||
|
|
security.tpm2 = {
|
||
|
|
enable = true;
|
||
|
|
pkcs11.enable = true;
|
||
|
|
pkcs11.package = pkgs.tpm2-pkcs11-fapi;
|
||
|
|
tctiEnvironment.enable = true;
|
||
|
|
};
|
||
|
|
users.users.${username}.extraGroups = [ "tss" "admin" ];
|
||
|
|
|
||
|
|
environment.systemPackages = with pkgs; [ tpm2-pkcs11-fapi clevis tpm2-tools ];
|
||
|
|
environment.variables.TPM2_PKCS11_BACKEND = "fapi";
|
||
|
|
}
|