mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

secureboot on nas eventually maybe

Browse Source
This commit is contained in:
mjallen18
2025-03-17 22:04:23 -05:00
parent ef3b91a764
commit 30efd12531
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.sops.yaml
View File

@@ -13,5 +13,6 @@ creation_rules:
- *matt
- *matt_pi4
- *desktop
- *admin
- *jallen-nas
- *pi4

35
hosts/nas/sops.nix
View File

@@ -112,6 +112,41 @@
mode = "0600";
};
sops.secrets."secureboot/GUID" = {
path = "/etc/secureboot/GUID";
mode = "0600";
};
sops.secrets."secureboot/keys/db-key" = {
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
sops.secrets."secureboot/keys/db-pem" = {
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
sops.secrets."secureboot/keys/KEK-key" = {
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
sops.secrets."secureboot/keys/KEK-pem" = {
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
sops.secrets."secureboot/keys/PK-key" = {
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
sops.secrets."secureboot/keys/PK-pem" = {
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
# Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others
# 7 - full (rwx)