mirror of https://github.com/nix-community/home-manager.git synced 2025-11-08 19:46:05 +01:00

ssh-tpm-agent: on NixOS, check TPM accessibility

Benedikt Rips 2025-08-12 07:20:51 +02:00 committed by Austin Horstman
parent f9ea660b24
commit 3a5136d8dd


@ -1,6 +1,7 @@
{
config,
lib,
osConfig,
pkgs,
...
}:
@ -37,6 +38,23 @@ in
config = mkIf cfg.enable {
assertions = [
(lib.hm.assertions.assertPlatform "services.ssh-tpm-agent" pkgs lib.platforms.linux)
{
assertion =
let
onNixos = config.submoduleSupport.enable;
inherit (osConfig.security) tpm2;
groups = osConfig.users.users.${config.home.username}.extraGroups;
in
onNixos -> tpm2.enable && lib.elem tpm2.tssGroup groups;
message = ''
ssh-tpm-agent: The user has to be a member of the '${osConfig.security.tpm2.tssGroup}' group to access the TPM.
In your NixoS configuration, set:
security.tpm2.enable = true;
users.users.<your_username>.extraGroups = [ config.security.tpm2.tssGroup ];
'';
}
];
home.packages = [ cfg.package ];
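Review bot: The membership test in the new assertion only inspects `osConfig.users.users.${config.home.username}.extraGroups`, so a user who is put into the TPM group through `users.groups.<tssGroup>.members`, or whose NixOS attribute name differs from `home.username`, fails the assertion even though the TPM device is accessible to them. Consider also accepting the group-side declaration, e.g. `members = osConfig.users.groups.${tpm2.tssGroup}.members or [ ];` with `onNixos -> tpm2.enable && (lib.elem tpm2.tssGroup groups || lib.elem config.home.username members);`. The message reports a missing group membership even when the actual cause is `security.tpm2.enable = false`, and it spells "NixoS"; two separate assertions would make each failure self-explanatory. `config.submoduleSupport.enable` is presumably also true under nix-darwin, where `osConfig.security.tpm2` would not exist, so it is worth confirming the expression still evaluates to the platform assertion's message there rather than an attribute error. The enclosing `config = mkIf cfg.enable { … }` block continues past the hunk.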