Just wanted to say thanks, this line was what did the trick for me. The only other things I did earlier were 1) systemd-cryptenroll command from above and 2) add crypttabExtraOpts = [ "tpm2-device=auto" ]; in Disko. I have removed all the other tpm2* related settings (incl. kernel modules and packages) from configuration.nix, and it still works now!
2 Likes