diff --git a/systems/x86_64-linux/deck/boot.nix b/systems/x86_64-linux/deck/boot.nix index a95cf02..8b5e7cb 100755 --- a/systems/x86_64-linux/deck/boot.nix +++ b/systems/x86_64-linux/deck/boot.nix @@ -26,13 +26,10 @@ in }; lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; settings = { console-mode = "max"; timeout = "0"; }; - configurationLimit = 5; }; plymouth = { diff --git a/systems/x86_64-linux/deck/configuration.nix b/systems/x86_64-linux/deck/configuration.nix index 104f0d9..d8dc727 100755 --- a/systems/x86_64-linux/deck/configuration.nix +++ b/systems/x86_64-linux/deck/configuration.nix @@ -2,10 +2,9 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, namespace, ... }: { - nix = { settings = { substituters = [ @@ -46,10 +45,8 @@ firefox tree ]; - shell = pkgs.zsh; + shell = lib.mkForce pkgs.zsh; }; - - root.shell = pkgs.zsh; }; programs.coolercontrol.enable = true; diff --git a/systems/x86_64-linux/deck/default.nix b/systems/x86_64-linux/deck/default.nix index 9392f46..ef15414 100644 --- a/systems/x86_64-linux/deck/default.nix +++ b/systems/x86_64-linux/deck/default.nix @@ -26,9 +26,13 @@ ./networking.nix ./sops.nix ]; - + ${namespace} = { + hardware.disko.enable = true; bootloader.lanzaboote.enable = true; desktop.gnome.enable = true; + user = { + name = "deck"; + }; }; } \ No newline at end of file diff --git a/systems/x86_64-linux/deck/networking.nix b/systems/x86_64-linux/deck/networking.nix index 1c02faf..30a732e 100644 --- a/systems/x86_64-linux/deck/networking.nix +++ b/systems/x86_64-linux/deck/networking.nix @@ -5,7 +5,7 @@ let in { networking = { - hostName = hostname; + hostName = lib.mkForce hostname; networkmanager = { enable = true; wifi.powersave = lib.mkDefault false; diff --git a/systems/x86_64-linux/deck/sops.nix b/systems/x86_64-linux/deck/sops.nix index 6646769..775c515 100755 --- a/systems/x86_64-linux/deck/sops.nix +++ b/systems/x86_64-linux/deck/sops.nix @@ -18,7 +18,7 @@ in # Either the group id or group name representation of the secret group # It is recommended to get the group name from `config.users.users..group` to avoid misconfiguration sops = { - defaultSopsFile = ../../secrets/steamdeck-secrets.yaml; + defaultSopsFile = ../../../secrets/steamdeck-secrets.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # ------------------------------ @@ -33,7 +33,7 @@ in }; "wifi" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; }; # ------------------------------ @@ -66,37 +66,37 @@ in # Secureboot keys # ------------------------------ "secureboot/GUID" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; # path = "/etc/secureboot/GUID"; mode = "0600"; }; "secureboot/keys/db-key" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; # path = "/etc/secureboot/keys/db/db.key"; mode = "0600"; }; "secureboot/keys/db-pem" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; # path = "/etc/secureboot/keys/db/db.pem"; mode = "0600"; }; "secureboot/keys/KEK-key" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; # path = "/etc/secureboot/keys/KEK/KEK.key"; mode = "0600"; }; "secureboot/keys/KEK-pem" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; # path = "/etc/secureboot/keys/KEK/KEK.pem"; mode = "0600"; }; "secureboot/keys/PK-key" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; # path = "/etc/secureboot/keys/PK/PK.key"; mode = "0600"; }; "secureboot/keys/PK-pem" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; # path = "/etc/secureboot/keys/PK/PK.pem"; mode = "0600"; };