diff --git a/nixos/modules/services/hardware/tcsd.nix b/nixos/modules/services/hardware/tcsd.nix index e414b9647c9b..24bb20b0146d 100644 --- a/nixos/modules/services/hardware/tcsd.nix +++ b/nixos/modules/services/hardware/tcsd.nix @@ -1,8 +1,5 @@ # tcsd daemon. - { config, options, pkgs, lib, ... }: - -with lib; let cfg = config.services.tcsd; @@ -37,9 +34,9 @@ in services.tcsd = { - enable = mkOption { + enable = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; description = '' Whether to enable tcsd, a Trusted Computing management service that provides TCG Software Stack (TSS). The tcsd daemon is @@ -48,21 +45,21 @@ in ''; }; - user = mkOption { + user = lib.mkOption { default = "tss"; - type = types.str; + type = lib.types.str; description = "User account under which tcsd runs."; }; - group = mkOption { + group = lib.mkOption { default = "tss"; - type = types.str; + type = lib.types.str; description = "Group account under which tcsd runs."; }; - stateDir = mkOption { + stateDir = lib.mkOption { default = "/var/lib/tpm"; - type = types.path; + type = lib.types.path; description = '' The location of the system persistent storage file. The system persistent storage file holds keys and data across 
@@ -70,22 +67,22 @@ in ''; }; - firmwarePCRs = mkOption { + firmwarePCRs = lib.mkOption { default = "0,1,2,3,4,5,6,7"; - type = types.str; + type = lib.types.str; description = "PCR indices used in the TPM for firmware measurements."; }; - kernelPCRs = mkOption { + kernelPCRs = lib.mkOption { default = "8,9,10,11,12"; - type = types.str; + type = lib.types.str; description = "PCR indices used in the TPM for kernel measurements."; }; - platformCred = mkOption { + platformCred = lib.mkOption { default = "${cfg.stateDir}/platform.cert"; - defaultText = literalExpression ''"''${config.${opt.stateDir}}/platform.cert"''; - type = types.path; + defaultText = lib.literalExpression ''"''${config.${opt.stateDir}}/platform.cert"''; + type = lib.types.path; description = '' Path to the platform credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials @@ -96,19 +93,19 @@ in on this process. ''; }; - conformanceCred = mkOption { + conformanceCred = lib.mkOption { default = "${cfg.stateDir}/conformance.cert"; - defaultText = literalExpression ''"''${config.${opt.stateDir}}/conformance.cert"''; - type = types.path; + defaultText = lib.literalExpression ''"''${config.${opt.stateDir}}/conformance.cert"''; + type = lib.types.path; description = '' Path to the conformance credential for your TPM. See also the platformCred option''; }; - endorsementCred = mkOption { + endorsementCred = lib.mkOption { default = "${cfg.stateDir}/endorsement.cert"; - defaultText = literalExpression ''"''${config.${opt.stateDir}}/endorsement.cert"''; - type = types.path; + defaultText = lib.literalExpression ''"''${config.${opt.stateDir}}/endorsement.cert"''; + type = lib.types.path; description = '' Path to the endorsement credential for your TPM. See also the platformCred option''; @@ -119,7 +116,7 @@ in ###### implementation - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ pkgs.trousers ]; 
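Review bot: `firmwarePCRs` and `kernelPCRs` in the first hunk on this line keep the unconstrained `lib.types.str`, so a typo in a PCR list (a stray space, a trailing comma, a non-numeric entry) passes evaluation and is only noticed, if at all, when the daemon reads it. These values decide which measurements are attributed to firmware and which to the kernel, so a checked type is worth having, for example `type = lib.types.strMatching "[0-9]+(,[0-9]+)*";` on both options. How the strings are rendered into the daemon configuration is outside the hunk, so confirm the accepted syntax against that template before tightening the pattern.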
@@ -150,13 +147,13 @@ in }; }; - users.users = optionalAttrs (cfg.user == "tss") { + users.users = lib.optionalAttrs (cfg.user == "tss") { tss = { group = "tss"; isSystemUser = true; }; }; - users.groups = optionalAttrs (cfg.group == "tss") { tss = {}; }; + users.groups = lib.optionalAttrs (cfg.group == "tss") { tss = {}; }; }; }
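Review bot: The `tss` account declared here still has `group = "tss";` hard-coded, while the group itself is only declared when `cfg.group == "tss"`. With `services.tcsd.user` left at its default and `services.tcsd.group` overridden, the account would point at a group this module no longer creates, and the daemon's account would not belong to the configured group. Using `group = cfg.group;` inside the `tss` attribute set would keep the two options consistent. The enclosing `config` block starts outside the hunk, so how `cfg.group` is applied to the unit and to the state directory should be checked there as well.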