Loading nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -1690,6 +1690,7 @@ ./system/boot/systemd.nix ./system/boot/systemd/coredump.nix ./system/boot/systemd/dm-verity.nix ./system/boot/systemd/fido2.nix ./system/boot/systemd/initrd-secrets.nix ./system/boot/systemd/initrd.nix ./system/boot/systemd/journald.nix Loading nixos/modules/system/boot/systemd/fido2.nix 0 → 100644 +32 −0 Original line number Diff line number Diff line { lib, config, pkgs, ... }: let cfg = config.boot.initrd.systemd; in { options = { boot.initrd.systemd.fido2.enable = lib.mkEnableOption "systemd FIDO2 support" // { default = cfg.package.withFido2; defaultText = lib.literalExpression "config.boot.initrd.systemd.package.withFido2"; }; }; config = lib.mkIf cfg.fido2.enable { boot.initrd.services.udev.packages = [ # TODO: Add a better way to include upstream rules files. (pkgs.runCommand "udev-fido2" { } '' mkdir -p $out/lib/udev/rules.d/ cp ${cfg.package}/lib/udev/rules.d/60-fido-id.rules $out/lib/udev/rules.d/60-fido-id.rules '') ]; boot.initrd.systemd.storePaths = [ "${pkgs.systemd}/lib/udev/fido_id" "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so" "${pkgs.libfido2}/lib/libfido2.so.1" ]; }; } nixos/modules/system/boot/systemd/initrd.nix +0 −5 Original line number Diff line number Diff line Loading @@ -547,11 +547,6 @@ in # Resolving sysroot symlinks without code exec "${pkgs.chroot-realpath}/bin/chroot-realpath" ] ++ optionals cfg.package.withCryptsetup [ # fido2 support "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so" "${pkgs.libfido2}/lib/libfido2.so.1" ] ++ jobScripts ++ map (c: builtins.removeAttrs c [ "text" ]) (builtins.attrValues cfg.contents); Loading pkgs/os-specific/linux/systemd/default.nix +1 −1 Original line number Diff line number Diff line Loading @@ -778,7 +778,7 @@ stdenv.mkDerivation (finalAttrs: { # needed - and therefore `interfaceVersion` should be incremented. interfaceVersion = 2; inherit withBootloader withCryptsetup withEfi withHostnamed withImportd withKmod inherit withBootloader withCryptsetup withEfi withFido2 withHostnamed withImportd withKmod withLocaled withMachined withPortabled withTimedated withTpm2Tss withUtmp util-linux kmod kbd; Loading Loading
nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -1690,6 +1690,7 @@ ./system/boot/systemd.nix ./system/boot/systemd/coredump.nix ./system/boot/systemd/dm-verity.nix ./system/boot/systemd/fido2.nix ./system/boot/systemd/initrd-secrets.nix ./system/boot/systemd/initrd.nix ./system/boot/systemd/journald.nix Loading
nixos/modules/system/boot/systemd/fido2.nix 0 → 100644 +32 −0 Original line number Diff line number Diff line { lib, config, pkgs, ... }: let cfg = config.boot.initrd.systemd; in { options = { boot.initrd.systemd.fido2.enable = lib.mkEnableOption "systemd FIDO2 support" // { default = cfg.package.withFido2; defaultText = lib.literalExpression "config.boot.initrd.systemd.package.withFido2"; }; }; config = lib.mkIf cfg.fido2.enable { boot.initrd.services.udev.packages = [ # TODO: Add a better way to include upstream rules files. (pkgs.runCommand "udev-fido2" { } '' mkdir -p $out/lib/udev/rules.d/ cp ${cfg.package}/lib/udev/rules.d/60-fido-id.rules $out/lib/udev/rules.d/60-fido-id.rules '') ]; boot.initrd.systemd.storePaths = [ "${pkgs.systemd}/lib/udev/fido_id" "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so" "${pkgs.libfido2}/lib/libfido2.so.1" ]; }; }
nixos/modules/system/boot/systemd/initrd.nix +0 −5 Original line number Diff line number Diff line Loading @@ -547,11 +547,6 @@ in # Resolving sysroot symlinks without code exec "${pkgs.chroot-realpath}/bin/chroot-realpath" ] ++ optionals cfg.package.withCryptsetup [ # fido2 support "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so" "${pkgs.libfido2}/lib/libfido2.so.1" ] ++ jobScripts ++ map (c: builtins.removeAttrs c [ "text" ]) (builtins.attrValues cfg.contents); Loading
pkgs/os-specific/linux/systemd/default.nix +1 −1 Original line number Diff line number Diff line Loading @@ -778,7 +778,7 @@ stdenv.mkDerivation (finalAttrs: { # needed - and therefore `interfaceVersion` should be incremented. interfaceVersion = 2; inherit withBootloader withCryptsetup withEfi withHostnamed withImportd withKmod inherit withBootloader withCryptsetup withEfi withFido2 withHostnamed withImportd withKmod withLocaled withMachined withPortabled withTimedated withTpm2Tss withUtmp util-linux kmod kbd; Loading
