zh

2025-09-26 19:21:48 +02:00 · 2025-09-26 19:21:48 +02:00 · 8061c5c132
commit 8061c5c132
parent 1c5299e2ca
2 changed files with 15 additions and 3 deletions
--- a/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
+++ b/modules/nixos/presets/disko/impermanenceBtrfsLuks/default.nix
@ -61,7 +61,13 @@ in {
                    "--perf-no_write_workqueue"
                  ];
                  # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
-                  settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+                  settings = {
+                    keyFile = "/tmp/secret.key";
+                    crypttabExtraOpts = [
+                      "fido2-device=auto"
+                      "token-timeout=10"
+                    ];
+                  };
                  content = {
                    type = "btrfs";
                    extraArgs = ["-L" "nixos" "-f"];
--- a/systems/x86_64-linux/stargate/disko.nix
+++ b/systems/x86_64-linux/stargate/disko.nix
@ -17,7 +17,13 @@
              "--perf-no_write_workqueue"
            ];
            # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
-            settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+            settings = {
+              keyFile = "/tmp/secret.key";
+              crypttabExtraOpts = [
+                "fido2-device=auto"
+                "token-timeout=10"
+              ];
+            };
            content = {
              type = "zfs";
              pool = "zstorage";