basic building for deck

2025-07-21 19:12:46 -05:00
parent e3bfbae131
commit 1e5f1db195
5 changed files with 17 additions and 19 deletions
--- a/systems/x86_64-linux/deck/boot.nix
+++ b/systems/x86_64-linux/deck/boot.nix
@@ -26,13 +26,10 @@ in
    };

    lanzaboote = {
-      enable = true;
-      pkiBundle = "/etc/secureboot";
      settings = {
        console-mode = "max";
        timeout = "0"; 
     };
-      configurationLimit = 5;
    };

    plymouth = {
--- a/systems/x86_64-linux/deck/configuration.nix
+++ b/systems/x86_64-linux/deck/configuration.nix
@@ -2,10 +2,9 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, namespace, ... }:

 {
-
  nix = {
    settings = {
      substituters = [
@@ -46,10 +45,8 @@
        firefox
        tree
      ];
-      shell = pkgs.zsh;
+      shell = lib.mkForce pkgs.zsh;
    };
-
-    root.shell = pkgs.zsh;
  };

  programs.coolercontrol.enable = true;
--- a/systems/x86_64-linux/deck/default.nix
+++ b/systems/x86_64-linux/deck/default.nix
@@ -26,9 +26,13 @@
    ./networking.nix
    ./sops.nix
  ];
-
+    
  ${namespace} = {
+    hardware.disko.enable = true;
    bootloader.lanzaboote.enable = true;
    desktop.gnome.enable = true;
+    user = {
+      name = "deck";
+    };
  };
 }
--- a/systems/x86_64-linux/deck/networking.nix
+++ b/systems/x86_64-linux/deck/networking.nix
@@ -5,7 +5,7 @@ let
 in
 {
  networking = {
-    hostName = hostname;
+    hostName = lib.mkForce hostname;
    networkmanager = {
      enable = true;
      wifi.powersave = lib.mkDefault false;
--- a/systems/x86_64-linux/deck/sops.nix
+++ b/systems/x86_64-linux/deck/sops.nix
@@ -18,7 +18,7 @@ in
  # Either the group id or group name representation of the secret group
  # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
  sops = {
-    defaultSopsFile = ../../secrets/steamdeck-secrets.yaml;
+    defaultSopsFile = ../../../secrets/steamdeck-secrets.yaml;
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

    # ------------------------------
@@ -33,7 +33,7 @@ in
      };

      "wifi" = {
-        sopsFile = ../../secrets/secrets.yaml;
+        sopsFile = ../../../secrets/secrets.yaml;
      };

      # ------------------------------
@@ -66,37 +66,37 @@ in
      # Secureboot keys
      # ------------------------------
      "secureboot/GUID" = {
-        sopsFile = ../../secrets/secrets.yaml;
+        sopsFile = ../../../secrets/secrets.yaml;
 #        path = "/etc/secureboot/GUID";
        mode = "0600";
      };
      "secureboot/keys/db-key" = {
-        sopsFile = ../../secrets/secrets.yaml;
+        sopsFile = ../../../secrets/secrets.yaml;
 #        path = "/etc/secureboot/keys/db/db.key";
        mode = "0600";
      };
      "secureboot/keys/db-pem" = {
-        sopsFile = ../../secrets/secrets.yaml;
+        sopsFile = ../../../secrets/secrets.yaml;
 #        path = "/etc/secureboot/keys/db/db.pem";
        mode = "0600";
      };
      "secureboot/keys/KEK-key" = {
-        sopsFile = ../../secrets/secrets.yaml;
+        sopsFile = ../../../secrets/secrets.yaml;
 #        path = "/etc/secureboot/keys/KEK/KEK.key";
        mode = "0600";
      };
      "secureboot/keys/KEK-pem" = {
-        sopsFile = ../../secrets/secrets.yaml;
+        sopsFile = ../../../secrets/secrets.yaml;
 #        path = "/etc/secureboot/keys/KEK/KEK.pem";
        mode = "0600";
      };
      "secureboot/keys/PK-key" = {
-        sopsFile = ../../secrets/secrets.yaml;
+        sopsFile = ../../../secrets/secrets.yaml;
 #        path = "/etc/secureboot/keys/PK/PK.key";
        mode = "0600";
      };
      "secureboot/keys/PK-pem" = {
-        sopsFile = ../../secrets/secrets.yaml;
+        sopsFile = ../../../secrets/secrets.yaml;
 #        path = "/etc/secureboot/keys/PK/PK.pem";
        mode = "0600";
      };