cleanup nas I think or something

modules/nixos/security/tpm/default.nix

@@ -0,0 +1,33 @@
+{ config, lib, namespace, ... }:
+with lib;
+let
+  # inherit (lib.${namespace}) mkOpt;
+  cfg = config.${namespace}.security.tpm;
+in
+{
+  options.${namespace}.security.tpm = {
+    enable = mkEnableOption "enable tpm";
+  };
+
+  config = mkIf cfg.enable {
+
+    security.tpm2 = {
+      enable = lib.mkDefault true;
+    };
+
+    boot = {
+      initrd = {
+        kernelModules = [
+          "tpm"
+          "tpm_tis"
+          "tpm_crb"
+          "tpm_infineon"
+        ];
+        systemd = {
+          enable = lib.mkDefault true;
+          tpm2.enable = lib.mkDefault true;
+        };
+      };
+    };
+  };
+}