nixcfg/modules/nixos/sgx/aesmd_dcap/default.nix

{ options, config, lib, pkgs, ... }:

with lib;
with lib.metacfg;
let
  cfg = config.metacfg.aesmd_dcap;
in
{
  options.metacfg.aesmd_dcap = with types; {
    enable = mkBoolOpt false "Whether or not to enable aesmd in dcap mode.";
  };

  config = mkIf cfg.enable {
    metacfg = {
      nix.extra-substituters = {
        "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
      };
    };
    services.aesmd = {
      enable = true;
      quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;
    };
    systemd.services.aesmd = {
      environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]);
      serviceConfig.BindReadOnlyPaths = [
        "/etc/sgx_default_qcnl.conf"
      ];
    };
  };
}
A new start 2024-03-21 15:00:36 +01:00			`{ options, config, lib, pkgs, ... }:`

			`with lib;`
			`with lib.metacfg;`
			`let`
			`cfg = config.metacfg.aesmd_dcap;`
			`in`
			`{`
			`options.metacfg.aesmd_dcap = with types; {`
			`enable = mkBoolOpt false "Whether or not to enable aesmd in dcap mode.";`
			`};`

			`config = mkIf cfg.enable {`
			`metacfg = {`
			`nix.extra-substituters = {`
			`"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";`
			`};`
			`};`
			`services.aesmd = {`
			`enable = true;`
			`quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl;`
			`};`
			`systemd.services.aesmd = {`
			`environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]);`
			`serviceConfig.BindReadOnlyPaths = [`
			`"/etc/sgx_default_qcnl.conf"`
			`];`
			`};`
			`};`
			`}`