kyle/imladris
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enable fido2 luks on orion/rift.

Browse Source
This commit is contained in:
Kyle Isom
2026-03-26 08:56:02 -07:00
parent 7be8a4c5e6
commit 0d1fe5536f
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
hw/orion/hardware-configuration.nix
View File

@@ -19,7 +19,13 @@
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-5c5e94fc-f710-4578-a5f6-3a244efe5d3b".device = "/dev/disk/by-uuid/5c5e94fc-f710-4578-a5f6-3a244efe5d3b"; boot.initrd.luks.devices."luks-5c5e94fc-f710-4578-a5f6-3a244efe5d3b" = {
device = "/dev/disk/by-uuid/5c5e94fc-f710-4578-a5f6-3a244efe5d3b";
crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
};
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B165-2F51"; { device = "/dev/disk/by-uuid/B165-2F51";

6
hw/rift/default.nix
View File

@@ -8,6 +8,12 @@
]; ];
config = { config = {
# FIDO2 LUKS unlock (matches vade setup)
boot.initrd.luks.devices."crypted".crypttabExtraOpts = [
"fido2-device=auto"
"token-timeout=10"
];
# Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor). # Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor).
boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53; boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;