Commit b01a78c7 authored by Christian Kögler's avatar Christian Kögler

nixos/clevis: fix luks support

Add missing packages when clevis is used for LUKS unlock.
It is not necessary to expose all executables via extraBin, therefore
curl was removed.
parent 1c415018
+6 −1
@@ -77,6 +77,9 @@ in
        copy_bin_and_libs ${pkgs.jose}/bin/jose
        copy_bin_and_libs ${pkgs.curl}/bin/curl
        copy_bin_and_libs ${pkgs.bashNonInteractive}/bin/bash
        copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup
        copy_bin_and_libs ${pkgs.gnused}/bin/gnused
        copy_bin_and_libs ${pkgs.gnugrep}/bin/gnugrep

        copy_bin_and_libs ${pkgs.tpm2-tools}/bin/.tpm2-wrapped
        mv $out/bin/{.tpm2-wrapped,tpm2}
@@ -103,13 +106,15 @@ in
      systemd = {
        extraBin = lib.mkIf systemd.enable {
          clevis = "${cfg.package}/bin/clevis";
          curl = "${pkgs.curl}/bin/curl";
        };

        storePaths = lib.mkIf systemd.enable [
          cfg.package
          "${pkgs.jose}/bin/jose"
          "${pkgs.curl}/bin/curl"
          "${pkgs.cryptsetup}/bin/cryptsetup"
          "${pkgs.gnused}/bin/sed"
          "${pkgs.gnugrep}/bin/grep"
          "${pkgs.tpm2-tools}/bin/tpm2_createprimary"
          "${pkgs.tpm2-tools}/bin/tpm2_flushcontext"
          "${pkgs.tpm2-tools}/bin/tpm2_load"
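Review bot: In the first hunk (`@@ -77,6 +77,9 @@`) the two `copy_bin_and_libs` lines for `${pkgs.gnused}/bin/gnused` and `${pkgs.gnugrep}/bin/gnugrep` appear to use the package name as the binary name, while the `storePaths` list in the second hunk references the same packages as `/bin/sed` and `/bin/grep`. If those paths do not exist, the non-systemd initrd would either fail to build or ship without sed and grep, so the clevis LUKS unlock this commit is meant to repair could still fail at boot on that path. Suggested lines: `copy_bin_and_libs ${pkgs.gnused}/bin/sed` and `copy_bin_and_libs ${pkgs.gnugrep}/bin/grep`. The enclosing shell snippet starts and ends outside the hunk, so whether anything later renames these files cannot be seen from here; a boot test covering the non-systemd initrd with a clevis-bound LUKS volume would confirm it.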