From eb12fb0024945b16aa5e15e1caea65ecee69f9a6 Mon Sep 17 00:00:00 2001
From: nathan mccarty
Date: Sun, 24 Jul 2022 13:52:34 -0400
Subject: [PATCH] feat: Initial attempt at tpm setup

---
 machines/levitation/configuration.nix | 16 ++++++++++++++++
 modules/desktop.nix | 4 ++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/machines/levitation/configuration.nix b/machines/levitation/configuration.nix
index a1bf065..0f763a6 100644
--- a/machines/levitation/configuration.nix
+++ b/machines/levitation/configuration.nix
@@ -63,4 +63,20 @@
 # Setup home manager
 home-manager.users.nathan = import ./home.nix;
+
+ # TPM setup
+ security = {
+ tpm2 = {
+ enable = true;
+ };
+ };
+ boot = {
+ initrd = {
+ kernelModules = [ "tpm_crb" ];
+ systemd = {
+ enable = true;
+ };
+ };
+ kernelParams = [ "crypt-pv.luks.options=tpm2-device=auto" ];
+ };
 }
diff --git a/modules/desktop.nix b/modules/desktop.nix
index 9cbf1cc..f75eda0 100644
--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -15,7 +15,7 @@ with lib; {
 # Configure grub if configured
 })
 (mkIf nc.setupGrub {
- ## Boot, drivers, and host name
+ # Boot, drivers, and host name
 # Use grub
 boot.loader = {
 grub = {
@@ -32,8 +32,8 @@ with lib; {
 canTouchEfiVariables = false;
 };
 };
- # Configure audio
 })
+ # Configure audio
 (mkIf nc.audio {
 # Disable normal audio subsystem explicitly
 sound.enable = false;
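Review bot: The `kernelParams` entry `crypt-pv.luks.options=tpm2-device=auto` in the configuration.nix hunk does not match a parameter name that systemd-cryptsetup-generator documents (it reads `luks.options=` / `rd.luks.options=`, optionally in the form `<UUID>=<options>`), so the TPM option may never reach the initrd unlock and the volume would simply fall back to a passphrase prompt. If `crypt-pv` is the mapped device name, which the hunk does not show, `boot.initrd.luks.devices."crypt-pv".crypttabExtraOpts = [ "tpm2-device=auto" ];` or `rd.luks.options=tpm2-device=auto` would express the same intent. The `# TPM setup` comment should also record what the enrollment is bound to, for example `# TPM2 unlock: PCR set and PIN are fixed at systemd-cryptenroll time (--tpm2-pcrs=, --tpm2-with-pin=), not in this file`, because a TPM-only unlock without a PIN releases the volume key to anyone who can boot the machine in its measured state.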