diff --git a/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix b/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
index 40aac21..2100bce 100644
--- a/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
+++ b/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
@@ -45,7 +45,7 @@ in {
 mountpoint = "/boot";
 mountOptions = [
 "defaults"
- "umask=0077"
+ "umask=0077"
 ];
 };
 };
@@ -61,7 +61,13 @@ in {
 "--perf-no_write_workqueue"
 ];
 # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
- settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+ settings = {
+ keyFile = "/tmp/secret.key";
+ crypttabExtraOpts = [
+ "fido2-device=auto"
+ "token-timeout=10"
+ ];
+ };
 content = {
 type = "btrfs";
 extraArgs = ["-L" "nixos" "-f"];
diff --git a/systems/x86_64-linux/stargate/disko.nix b/systems/x86_64-linux/stargate/disko.nix
index 146ede9..68d5638 100644
--- a/systems/x86_64-linux/stargate/disko.nix
+++ b/systems/x86_64-linux/stargate/disko.nix
@@ -17,7 +17,13 @@
 "--perf-no_write_workqueue"
 ];
 # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
- settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+ settings = {
+ keyFile = "/tmp/secret.key";
+ crypttabExtraOpts = [
+ "fido2-device=auto"
+ "token-timeout=10"
+ ];
+ };
 content = {
 type = "zfs";
 pool = "zstorage";
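Review bot: `keyFile = "/tmp/secret.key";` sits inside the LUKS `settings` set in the second hunk of impermanenceBtrfsLuks/default.nix, and as far as disko documents it that set is also passed through to `boot.initrd.luks.devices.<name>`, so the installed system would be configured to look for a key file under `/tmp` at every boot and not only while formatting. The identical line is added in the `settings` hunk of systems/x86_64-linux/stargate/disko.nix. If the file is only meant to supply the initial passphrase during provisioning, declare it beside `settings` as `passwordFile = "/tmp/secret.key";` and leave `settings` holding just the `crypttabExtraOpts` list, so boot-time unlock stays with the FIDO2 token. Either way the path is in a world-accessible directory, so add a comment such as `# provisioning only: create mode 0600 on the installer, delete after install, and rotate or remove this keyslot once the FIDO2 token is enrolled`. The enclosing LUKS attribute set starts and ends outside both hunks, so the exact placement of `passwordFile` is inferred from the disko option layout.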