{ ... }: { security.tpm2 = { enable = true; pkcs11.enable = true; tctiEnvironment.enable = true; }; users.users.artemis.extraGroups = [ "tss" ]; }