basic building for deck
This commit is contained in:
mjallen18
@@ -26,13 +26,10 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
lanzaboote = {
|
lanzaboote = {
|
||||||
enable = true;
|
|
||||||
pkiBundle = "/etc/secureboot";
|
|
||||||
settings = {
|
settings = {
|
||||||
console-mode = "max";
|
console-mode = "max";
|
||||||
timeout = "0";
|
timeout = "0";
|
||||||
};
|
};
|
||||||
configurationLimit = 5;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
plymouth = {
|
plymouth = {
|
||||||
|
|||||||
@@ -2,10 +2,9 @@
|
|||||||
# your system. Help is available in the configuration.nix(5) man page, on
|
# your system. Help is available in the configuration.nix(5) man page, on
|
||||||
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||||
|
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, namespace, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
settings = {
|
settings = {
|
||||||
substituters = [
|
substituters = [
|
||||||
@@ -46,10 +45,8 @@
|
|||||||
firefox
|
firefox
|
||||||
tree
|
tree
|
||||||
];
|
];
|
||||||
shell = pkgs.zsh;
|
shell = lib.mkForce pkgs.zsh;
|
||||||
};
|
};
|
||||||
|
|
||||||
root.shell = pkgs.zsh;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.coolercontrol.enable = true;
|
programs.coolercontrol.enable = true;
|
||||||
|
|||||||
@@ -26,9 +26,13 @@
|
|||||||
./networking.nix
|
./networking.nix
|
||||||
./sops.nix
|
./sops.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
${namespace} = {
|
${namespace} = {
|
||||||
|
hardware.disko.enable = true;
|
||||||
bootloader.lanzaboote.enable = true;
|
bootloader.lanzaboote.enable = true;
|
||||||
desktop.gnome.enable = true;
|
desktop.gnome.enable = true;
|
||||||
|
user = {
|
||||||
|
name = "deck";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@@ -5,7 +5,7 @@ let
|
|||||||
in
|
in
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
hostName = hostname;
|
hostName = lib.mkForce hostname;
|
||||||
networkmanager = {
|
networkmanager = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wifi.powersave = lib.mkDefault false;
|
wifi.powersave = lib.mkDefault false;
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ in
|
|||||||
# Either the group id or group name representation of the secret group
|
# Either the group id or group name representation of the secret group
|
||||||
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
|
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ../../secrets/steamdeck-secrets.yaml;
|
defaultSopsFile = ../../../secrets/steamdeck-secrets.yaml;
|
||||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
@@ -33,7 +33,7 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
"wifi" = {
|
"wifi" = {
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/secrets.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
@@ -66,37 +66,37 @@ in
|
|||||||
# Secureboot keys
|
# Secureboot keys
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
"secureboot/GUID" = {
|
"secureboot/GUID" = {
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/secrets.yaml;
|
||||||
# path = "/etc/secureboot/GUID";
|
# path = "/etc/secureboot/GUID";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
"secureboot/keys/db-key" = {
|
"secureboot/keys/db-key" = {
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/secrets.yaml;
|
||||||
# path = "/etc/secureboot/keys/db/db.key";
|
# path = "/etc/secureboot/keys/db/db.key";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
"secureboot/keys/db-pem" = {
|
"secureboot/keys/db-pem" = {
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/secrets.yaml;
|
||||||
# path = "/etc/secureboot/keys/db/db.pem";
|
# path = "/etc/secureboot/keys/db/db.pem";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
"secureboot/keys/KEK-key" = {
|
"secureboot/keys/KEK-key" = {
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/secrets.yaml;
|
||||||
# path = "/etc/secureboot/keys/KEK/KEK.key";
|
# path = "/etc/secureboot/keys/KEK/KEK.key";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
"secureboot/keys/KEK-pem" = {
|
"secureboot/keys/KEK-pem" = {
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/secrets.yaml;
|
||||||
# path = "/etc/secureboot/keys/KEK/KEK.pem";
|
# path = "/etc/secureboot/keys/KEK/KEK.pem";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
"secureboot/keys/PK-key" = {
|
"secureboot/keys/PK-key" = {
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/secrets.yaml;
|
||||||
# path = "/etc/secureboot/keys/PK/PK.key";
|
# path = "/etc/secureboot/keys/PK/PK.key";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
"secureboot/keys/PK-pem" = {
|
"secureboot/keys/PK-pem" = {
|
||||||
sopsFile = ../../secrets/secrets.yaml;
|
sopsFile = ../../../secrets/secrets.yaml;
|
||||||
# path = "/etc/secureboot/keys/PK/PK.pem";
|
# path = "/etc/secureboot/keys/PK/PK.pem";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
};
|
};
|
||||||
|
|||||||
Reference in New Issue
Block a user