commit 538312709e3118ac277551bca7a6dfbbe004849d · pyrox.dev/nixpkgs

+22 -13
nixos/modules/services/hardware/tcsd.nix
···

       119
       119
        
       

     

       120
       120
        
           environment.systemPackages = [ pkgs.trousers ];

     

       121
       121
        
       

     

       122
       122
       -
       #    system.activationScripts.tcsd =

     

       123
       123
       -
       #      ''

     

       124
       124
       -
       #        chown ${cfg.user}:${cfg.group} ${tcsdConf}

     

       125
       125
       -
       #      '';

     

       122
       122
       +
           services.udev.extraRules = ''

     

       123
       123
       +
             # Give tcsd ownership of all TPM devices

     

       124
       124
       +
             KERNEL=="tpm[0-9]*", MODE="0660", OWNER="${cfg.user}", GROUP="${cfg.group}"

     

       125
       125
       +
             # Tag TPM devices to create a .device unit for tcsd to depend on

     

       126
       126
       +
             ACTION=="add", KERNEL=="tpm[0-9]*", TAG+="systemd"

     

       127
       127
       +
           '';

     

       128
       128
       +
       

     

       129
       129
       +
           systemd.tmpfiles.rules = [

     

       130
       130
       +
             # Initialise the state directory

     

       131
       131
       +
             "d ${cfg.stateDir} 0770 ${cfg.user} ${cfg.group} - -"

     

       132
       132
       +
           ];

     

       126
       133
        
       

     

       127
       134
        
           systemd.services.tcsd = {

     

       128
       128
       -
             description = "TCSD";

     

       129
       129
       -
             after = [ "systemd-udev-settle.service" ];

     

       135
       135
       +
             description = "Manager for Trusted Computing resources";

     

       136
       136
       +
             documentation = [ "man:tcsd(8)" ];

     

       137
       137
       +
       

     

       138
       138
       +
             requires = [ "dev-tpm0.device" ];

     

       139
       139
       +
             after = [ "dev-tpm0.device" ];

     

       130
       140
        
             wantedBy = [ "multi-user.target" ];

     

       131
       131
       -
             path = [ pkgs.trousers ];

     

       132
       132
       -
             preStart =

     

       133
       133
       -
               ''

     

       134
       134
       -
               mkdir -m 0700 -p ${cfg.stateDir}

     

       135
       135
       -
               chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}

     

       136
       136
       -
               '';

     

       137
       137
       -
             serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";

     

       141
       141
       +
       

     

       142
       142
       +
             serviceConfig = {

     

       143
       143
       +
               User = cfg.user;

     

       144
       144
       +
               Group = cfg.group;

     

       145
       145
       +
               ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";

     

       146
       146
       +
             };

     

       138
       147
        
           };

     

       139
       148
        
       

     

       140
       149
        
           users.users = optionalAttrs (cfg.user == "tss") {