From 4a78e643f0da358232efcc4db1ed3f6ed35e2ee6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?=
 <leon.schwarzaeugl@imba.oeaw.ac.at>
Date: Sun, 23 Mar 2025 00:27:52 +0100
Subject: [PATCH] feat: enable fallback initrd systemd for work

---
 SwarselSystems.org               | 12 +++++++++++-
 profiles/nixos/optional/work.nix |  9 ++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/SwarselSystems.org b/SwarselSystems.org
index 8c2d01f..181a261 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -8325,7 +8325,17 @@ Options that I need specifically at work. There are more options at [[#h:f0b2ea9
       };
     };
 
-    # boot.initrd.luks.yubikeySupport = true;
+    boot.initrd = {
+      systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
+      luks = {
+        # disable "support" since we use systemd-cryptenroll
+        # make sure yubikeys are enrolled using
+        # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2
+        yubikeySupport = false;
+        fido2Support = false;
+      };
+    };
+
     programs = {
       zsh.shellInit = ''
         export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
diff --git a/profiles/nixos/optional/work.nix b/profiles/nixos/optional/work.nix
index 1838c6d..78a39a6 100644
--- a/profiles/nixos/optional/work.nix
+++ b/profiles/nixos/optional/work.nix
@@ -16,7 +16,14 @@ in
     };
   };
 
-  # boot.initrd.luks.yubikeySupport = true;
+  boot.initrd = {
+    systemd.enable = true;
+    luks = {
+      yubikeySupport = false;
+      fido2Support = false;
+    };
+  };
+
   programs = {
     zsh.shellInit = ''
       export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"