pass #2

following random blogs doesn't always work

hw/straylight/hardware-configuration.nix

@@ -1,5 +1,3 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 
@@ -13,19 +11,35 @@
   boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
+  boot.initrd.luks.fido2Support = true;
+
+  boot.initrd.luks.devices."luks-922e2c13-35bc-40de-a829-716b9368e4a7" = {
+    device = "/dev/disk/by-uuid/922e2c13-35bc-40de-a829-716b9368e4a7";
+    #fido2.credential = "<credential-hex-string>";
+    #fido2.passwordLess = true;
+  };
+
   fileSystems."/" =
     { device = "/dev/mapper/luks-922e2c13-35bc-40de-a829-716b9368e4a7";
       fsType = "ext4";
     };
 
-  boot.initrd.luks.devices."luks-922e2c13-35bc-40de-a829-716b9368e4a7".device = "/dev/disk/by-uuid/922e2c13-35bc-40de-a829-716b9368e4a7";
-
   fileSystems."/boot" =
     { device = "/dev/disk/by-uuid/9BAD-52AA";
       fsType = "vfat";
       options = [ "fmask=0077" "dmask=0077" ];
     };
 
+  fileSystems."/home" = {
+    device = "/dev/mapper/home-crypt";
+    fsType = "ext4";
+    options = [ "defaults" ];
+  };
+
+  environment.etc.crypttab.text = ''
+    home-crypt UUID=edfdcdf4-083a-4826-a1f8-9670545e0bc5 /etc/secrets/home.key luks
+  '';
+
   swapDevices = [ ];
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";