nixos/tcsd: several improvements and fixes

- Actually run tcsd as tss/tss
- Install a udev rule to set /dev/tpm* permissions
- Remove systemd-udev-settle dependency, use dev-tpm0.device instead
- Use systemd-tmpfiles to set up the state directory
- Add documentation URI to tcsd.service

This module cannot be easily tested with a NixOS test due to the TPM
dependency. Technically, one could be emulated using swtpm[1], but this
is not packaged in Nixpkgs. If you computer has a real TPM you can do a
passthrough in Qemu, but this requires running the VM as root and of
course it's not determinstic:

    $ nix build -f nixos vm --arg configuration '
      {
        virtualisation.qemu.options = [
          "-tpmdev passthrough,id=tpm0,path=/dev/tpm0,cancel-path=/sys/class/tpm/tpm0/cancel"
          "-device tpm-tis,tpmdev=tpm0"
        ];
        users.users.root.hashedPassword = "";
        services.tcsd.enable = true;
      }'

After starting the VM, log in as root, you can check the service has
started with `systemctl status tcsd`.

[1]: https://github.com/stefanberger/swtpm

0 files changed, 0 insertions, 0 deletions