Enable fido2 luks on orion/rift.

2026-03-26 08:56:02 -07:00
parent 7be8a4c5e6
commit 0d1fe5536f
2 changed files with 13 additions and 1 deletions
--- a/hw/rift/default.nix
+++ b/hw/rift/default.nix
@@ -8,6 +8,12 @@
  ];

  config = {
+    # FIDO2 LUKS unlock (matches vade setup)
+    boot.initrd.luks.devices."crypted".crypttabExtraOpts = [
+      "fido2-device=auto"
+      "token-timeout=10"
+    ];
+
    # Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor).
    boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;